From c6056827ed5f794890f151be399ffdaccf9c075b Mon Sep 17 00:00:00 2001 From: scribu Date: Thu, 12 Aug 2010 23:21:05 +0000 Subject: [PATCH] Introduce WP_List_Table::check_permissions() and WP_List_Table::prepare_items(). Fixes #14596; See #14579 git-svn-id: http://svn.automattic.com/wordpress/trunk@15496 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-ajax.php | 30 +-- wp-admin/edit-comments.php | 10 +- wp-admin/edit-tags.php | 3 + wp-admin/edit.php | 3 + wp-admin/includes/default-list-tables.php | 247 ++++++++++++++-------- wp-admin/includes/list-table.php | 25 +++ wp-admin/link-manager.php | 12 +- wp-admin/network/sites.php | 10 +- wp-admin/network/users.php | 12 +- wp-admin/plugin-install.php | 5 +- wp-admin/plugins.php | 25 +-- wp-admin/theme-install.php | 5 +- wp-admin/themes.php | 10 +- wp-admin/upload.php | 29 ++- wp-admin/users.php | 10 +- wp-includes/functions.php | 5 +- 16 files changed, 271 insertions(+), 170 deletions(-) diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 81e01970b7..9dd4eec5bb 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -558,7 +558,7 @@ case 'add-tag' : set_current_screen($_POST['screen']); require_once( './includes/default-list-tables.php' ); - $table = new WP_Terms_Table( 'ajax' ); + $table = new WP_Terms_Table(); $level = 0; $tag_full_name = false; @@ -626,7 +626,7 @@ case 'add-comment' : die('-1'); require_once( './includes/default-list-tables.php' ); - $table = new WP_Comments_Table( 'ajax' ); + $table = new WP_Comments_Table(); global $comments; @@ -659,7 +659,7 @@ case 'get-comments' : die('-1'); require_once( './includes/default-list-tables.php' ); - $table = new WP_Comments_Table( 'ajax' ); + $table = new WP_Comments_Table(); global $comments; 
@@ -685,7 +685,7 @@ case 'replyto-comment' : check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); require_once( './includes/default-list-tables.php' ); - $table = new WP_Comments_Table( 'ajax' ); + $table = new WP_Comments_Table(); $comment_post_ID = (int) $_POST['comment_post_ID']; if ( !current_user_can( 'edit_post', $comment_post_ID ) ) @@ -776,7 +776,7 @@ case 'edit-comment' : add_filter( 'comment_author', 'floated_admin_avatar' ); require_once( './includes/default-list-tables.php' ); - $table = new WP_Comments_Table( 'ajax' ); + $table = new WP_Comments_Table(); ob_start(); $table->single_row( $comment_id, $mode, $comments_listing, $checkbox ); @@ -925,7 +925,7 @@ case 'add-user' : $user_object = new WP_User( $user_id ); require_once( './includes/default-list-tables.php' ); - $table = new WP_Users_Table( 'ajax' ); + $table = new WP_Users_Table(); $x = new WP_Ajax_Response( array( 'what' => 'user', @@ -1218,7 +1218,7 @@ case 'inline-save': edit_post(); require_once( './includes/default-list-tables.php' ); - $table = new WP_Posts_Table( 'ajax' ); + $table = new WP_Posts_Table(); $mode = $_POST['post_view']; $table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); @@ -1228,19 +1228,14 @@ case 'inline-save': case 'inline-save-tax': check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); - $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false; - if ( ! $taxonomy ) - die( __('Cheatin’ uh?') ); - $tax = get_taxonomy($taxonomy); + require_once( './includes/default-list-tables.php' ); + $table = new WP_Terms_Table(); - if ( ! current_user_can( $tax->cap->edit_terms ) ) - die( __('Cheatin’ uh?') ); + $table->check_permissions('edit'); if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) die(-1); - $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; - $tag = get_term( $id, $taxonomy ); $_POST['description'] = $tag->description; 
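Review bot: In the `inline-save` case, `new WP_Posts_Table()` no longer enforces any capability, and the handler does not call the new `check_permissions()`. The old constructor ran `current_user_can( $post_type_object->cap->edit_posts )` before its `'normal' != $context` early return, as the wp-admin/includes/default-list-tables.php hunk shows, so the `'ajax'` path used to get that check. The rest of the case body is outside this hunk, so an earlier per-post check may already cover the request. The table-level gate should still be explicit: add `$table->check_permissions();` directly after the constructor call.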
@@ -1253,11 +1248,6 @@ case 'inline-save-tax': die( __('Item not updated.') ); } - set_current_screen( 'edit-' . $taxonomy ); - - require_once( './includes/default-list-tables.php' ); - $table = new WP_Terms_Table( 'ajax' ); - echo $table->single_row( $tag, 0, $taxonomy ); } else { if ( is_wp_error($updated) && $updated->get_error_message() ) diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 9a53d236a6..af21a2e6fb 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -9,8 +9,10 @@ /** WordPress Administration Bootstrap */ require_once('./admin.php'); -if ( !current_user_can('edit_posts') ) - wp_die(__('Cheatin’ uh?')); +require_once( './includes/default-list-tables.php' ); + +$table = new WP_Comments_Table; +$table->check_permissions(); if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset( $_REQUEST['delete_all'] ) || isset( $_REQUEST['delete_all2'] ) ) { check_admin_referer( 'bulk-comments' ); @@ -95,9 +97,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset exit; } -require_once( './includes/default-list-tables.php' ); - -$table = new WP_Comments_Table; +$table->prepare_items(); wp_enqueue_script('admin-comments'); enqueue_comment_hotkeys_js(); diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php index 160368cc4d..b157a6c7f2 100644 --- a/wp-admin/edit-tags.php +++ b/wp-admin/edit-tags.php @@ -12,6 +12,7 @@ require_once('./admin.php'); require_once( './includes/default-list-tables.php' ); $table = new WP_Terms_Table; +$table->check_permissions(); $title = $tax->labels->name; @@ -151,6 +152,8 @@ if ( ! empty($_REQUEST['_wp_http_referer']) ) { exit; } +$table->prepare_items(); + wp_enqueue_script('admin-tags'); if ( current_user_can($tax->cap->edit_terms) ) wp_enqueue_script('inline-edit-tax'); diff --git a/wp-admin/edit.php b/wp-admin/edit.php index bbf564b29b..9a7e13420f 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php 
@@ -12,6 +12,7 @@ require_once( './admin.php' ); require_once( './includes/default-list-tables.php' ); $table = new WP_Posts_Table; +$table->check_permissions(); // Back-compat for viewing comments of an entry if ( $_redirect = intval( max( @$_REQUEST['p'], @$_REQUEST['attachment_id'], @$_REQUEST['page_id'] ) ) ) { @@ -118,6 +119,8 @@ if ( 'post' != $post_type ) { $post_new_file = 'post-new.php'; } +$table->prepare_items(); + wp_enqueue_script('inline-edit-post'); $title = $post_type_object->labels->name; diff --git a/wp-admin/includes/default-list-tables.php b/wp-admin/includes/default-list-tables.php index ee81e555a5..be650e15b9 100644 --- a/wp-admin/includes/default-list-tables.php +++ b/wp-admin/includes/default-list-tables.php @@ -22,8 +22,8 @@ class WP_Posts_Table extends WP_List_Table { */ var $_hierarchical_display; - function WP_Posts_Table( $context = 'normal' ) { - global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode, $current_screen; + function WP_Posts_Table() { + global $post_type_object, $post_type, $current_screen; if ( !isset( $_REQUEST['post_type'] ) ) $post_type = 'post'; @@ -35,16 +35,21 @@ class WP_Posts_Table extends WP_List_Table { $post_type_object = get_post_type_object( $post_type ); - if ( !current_user_can( $post_type_object->cap->edit_posts ) ) - wp_die( __( 'Cheatin’ uh?' ) ); - parent::WP_List_Table( array( 'screen' => $current_screen, 'plural' => 'posts', ) ); + } - if ( 'normal' != $context ) - return; + function check_permissions() { + global $post_type_object; + + if ( !current_user_can( $post_type_object->cap->edit_posts ) ) + wp_die( __( 'Cheatin’ uh?' ) ); + } + + function prepare_items() { + global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode; $avail_post_stati = wp_edit_posts_query(); 
@@ -1072,34 +1077,24 @@ class WP_Posts_Table extends WP_List_Table { class WP_Media_Table extends WP_List_Table { - function WP_Media_Table( $context = 'normal' ) { - global $wpdb, $wp_query, $detached, $post_mime_types, $avail_post_mime_types; + function WP_Media_Table() { + global $detached; - if ( isset( $_REQUEST['find_detached'] ) ) { - if ( !current_user_can( 'edit_posts' ) ) - wp_die( __( 'You are not allowed to scan for lost attachments.' ) ); - - $lost = $wpdb->get_col( " - SELECT ID FROM $wpdb->posts - WHERE post_type = 'attachment' AND post_parent > '0' - AND post_parent NOT IN ( - SELECT ID FROM $wpdb->posts - WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' ) - ) - " ); - - $_REQUEST['detached'] = 1; - } - - $detached = isset( $_REQUEST['detached'] ); + $detached = isset( $_REQUEST['detached'] ) || isset( $_REQUEST['find_detached'] ); parent::WP_List_Table( array( 'screen' => $detached ? 'upload-detached' : 'upload', 'plural' => 'media' ) ); + } - if ( 'normal' != $context ) - return; + function check_permissions() { + if ( !current_user_can('upload_files') ) + wp_die( __( 'You do not have permission to upload files.' ) ); + } + + function prepare_items() { + global $lost, $wpdb, $wp_query, $post_mime_types, $avail_post_mime_types; $q = $_REQUEST; @@ -1357,7 +1352,7 @@ foreach ( $columns as $column_name => $column_display_name ) { - >
+ >
$current_screen, - 'plural' => 'tags', - 'singular' => 'tag', - ) ); - - if ( 'normal' != $context ) - return; - - wp_reset_vars( array( 'action', 'tag', 'taxonomy', 'post_type' ) ); + wp_reset_vars( array( 'action', 'taxonomy', 'post_type' ) ); if ( empty( $taxonomy ) ) $taxonomy = 'post_tag'; @@ -1524,12 +1510,31 @@ class WP_Terms_Table extends WP_List_Table { $tax = get_taxonomy( $taxonomy ); - if ( ! current_user_can( $tax->cap->manage_terms ) ) - wp_die( __( 'Cheatin’ uh?' ) ); - if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) ) $post_type = 'post'; + if ( !isset( $current_screen ) ) + set_current_screen( 'edit-' . $taxonomy ); + + parent::WP_List_Table( array( + 'screen' => $current_screen, + 'plural' => 'tags', + 'singular' => 'tag', + ) ); + } + + function check_permissions( $type = 'manage' ) { + global $tax; + + $cap = 'manage' == $type ? $tax->cap->manage_terms : $tax->cap->edit_terms; + + if ( !current_user_can( $tax->cap->manage_terms ) ) + wp_die( __( 'Cheatin’ uh?' ) ); + } + + function prepare_items() { + global $taxonomy; + $tags_per_page = (int) get_user_option( 'edit_' . $taxonomy . '_per_page' ); if ( empty( $tags_per_page ) || $tags_per_page < 1 ) @@ -1851,17 +1856,21 @@ class WP_Terms_Table extends WP_List_Table { class WP_Users_Table extends WP_List_Table { - function WP_Users_Table( $context = 'normal' ) { + function WP_Users_Table() { global $role, $usersearch; parent::WP_List_Table( array( 'screen' => 'users', 'plural' => 'users' ) ); + } - if ( 'normal' != $context ) - return; + function check_permissions() { + if ( !current_user_can('list_users') ) + wp_die(__('Cheatin’ uh?')); + } + function prepare_items() { $usersearch = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : ''; $role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : ''; 
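Review bot: `WP_Terms_Table::check_permissions()` computes `$cap` from `$type` but then tests `$tax->cap->manage_terms`, so the `'edit'` mode never checks `edit_terms` and `$cap` is dead code. The `inline-save-tax` handler in wp-admin/admin-ajax.php calls `check_permissions('edit')` in place of its former `current_user_can( $tax->cap->edit_terms )` test, so a taxonomy whose two capabilities differ is now gated on the wrong one. Change the condition to `if ( !current_user_can( $cap ) )`. The method also dereferences the global `$tax` without confirming that `get_taxonomy()` returned an object; whether the constructor rejects unknown taxonomies is outside this hunk.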
@@ -2089,21 +2098,25 @@ class WP_Users_Table extends WP_List_Table { class WP_Comments_Table extends WP_List_Table { - function WP_Comments_Table( $context = 'normal' ) { - global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode; - - $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode']; - + function WP_Comments_Table() { parent::WP_List_Table( array( 'screen' => 'edit-comments', 'plural' => 'comments' ) ); + } - if ( 'normal' != $context ) - return; + function check_permissions() { + if ( !current_user_can('edit_posts') ) + wp_die(__('Cheatin’ uh?')); + } + + function prepare_items() { + global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode; $post_id = isset( $_REQUEST['post_ID'] ) ? absint( $_REQUEST['post_ID'] ) : 0; + $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode']; + $comment_status = isset( $_REQUEST['comment_status'] ) ? $_REQUEST['comment_status'] : 'all'; if ( !in_array( $comment_status, array( 'all', 'moderated', 'approved', 'spam', 'trash' ) ) ) $comment_status = 'all'; @@ -2508,6 +2521,18 @@ class WP_Comments_Table extends WP_List_Table { class WP_Links_Table extends WP_List_Table { function WP_Links_Table() { + parent::WP_List_Table( array( + 'screen' => 'link-manager', + 'plural' => 'bookmarks', + ) ); + } + + function check_permissions() { + if ( ! current_user_can( 'manage_links' ) ) + wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) ); + } + + function prepare_items() { global $cat_id, $s, $orderby, $order; wp_reset_vars( array( 'action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'orderby', 'order', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]', 's' ) ); 
@@ -2524,12 +2549,7 @@ class WP_Links_Table extends WP_List_Table { $args['order'] = $order; $this->items = get_bookmarks( $args ); - - parent::WP_List_Table( array( - 'screen' => 'link-manager', - 'plural' => 'bookmarks', - ) ); - } + } function no_items() { _e( 'No links found.' ); @@ -2690,15 +2710,22 @@ class WP_Links_Table extends WP_List_Table { class WP_Sites_Table extends WP_List_Table { function WP_Sites_Table() { + parent::WP_List_Table( array( + 'screen' => 'ms-sites', + 'plural' => 'sites', + ) ); + } + + function check_permissions() { + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); + } + + function prepare_items() { global $s, $mode, $wpdb; $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode']; - parent::WP_List_Table( array( - 'callback' => 'site_rows', - 'screen' => 'ms-sites', - ) ); - $pagenum = $this->get_pagenum(); $per_page = (int) get_user_option( 'ms_sites_per_page' ); @@ -2978,13 +3005,23 @@ class WP_Sites_Table extends WP_List_Table { class WP_MS_Users_Table extends WP_List_Table { function WP_MS_Users_Table() { - global $s, $mode, $wpdb; - - $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode']; - parent::WP_List_Table( array( 'screen' => 'ms-users', ) ); + } + + function check_permissions() { + if ( !is_multisite() ) + wp_die( __( 'Multisite support is not enabled.' ) ); + + if ( ! current_user_can( 'manage_network_users' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); + } + + function prepare_items() { + global $s, $mode, $wpdb; + + $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode']; $pagenum = $this->get_pagenum(); 
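Review bot: `WP_Sites_Table::check_permissions()` tests only `manage_sites`, while `WP_MS_Users_Table::check_permissions()` in the following hunk also rejects non-multisite installs through `is_multisite()`. wp-admin/network/sites.php keeps that test at file scope, but `WP_List_Table::ajax_response()` reaches the table through `check_permissions()` alone, so the two network tables are not gated the same way on that path. For parity, open the method with `if ( !is_multisite() ) wp_die( __( 'Multisite support is not enabled.' ) );`.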
@@ -3201,24 +3238,31 @@ class WP_MS_Users_Table extends WP_List_Table { class WP_Plugins_Table extends WP_List_Table { function WP_Plugins_Table() { - global $status, $plugins, $totals, $page, $orderby, $order, $s; - parent::WP_List_Table( array( 'screen' => 'plugins', 'plural' => 'plugins', ) ); + } + + function check_permissions() { + if ( is_multisite() ) { + $menu_perms = get_site_option( 'menu_items', array() ); + + if ( empty( $menu_perms['plugins'] ) ) { + if ( !is_super_admin() ) + wp_die( __( 'Cheatin’ uh?' ) ); + } + } + + if ( !current_user_can('activate_plugins') ) + wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) ); + } + + function prepare_items() { + global $status, $plugins, $totals, $page, $orderby, $order, $s; wp_reset_vars( array( 'orderby', 'order', 's' ) ); - $default_status = get_user_option( 'plugins_last_view' ); - if ( empty( $default_status ) ) - $default_status = 'all'; - $status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status; - if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) ) - $status = 'all'; - if ( $status != $default_status && 'search' != $status ) - update_user_meta( get_current_user_id(), 'plugins_last_view', $status ); - $page = $this->get_pagenum(); $plugins = array( 
@@ -3538,13 +3582,20 @@ class WP_Plugins_Table extends WP_List_Table { class WP_Plugin_Install_Table extends WP_List_Table { function WP_Plugin_Install_Table() { - include( ABSPATH . 'wp-admin/includes/plugin-install.php' ); - - global $tabs, $tab, $paged, $type, $term; - parent::WP_List_Table( array( 'screen' => 'plugin-install', ) ); + } + + function check_permissions() { + if ( ! current_user_can('install_plugins') ) + wp_die(__('You do not have sufficient permissions to install plugins on this site.')); + } + + function prepare_items() { + include( ABSPATH . 'wp-admin/includes/plugin-install.php' ); + + global $tabs, $tab, $paged, $type, $term; wp_reset_vars( array( 'tab' ) ); @@ -3743,6 +3794,17 @@ class WP_Plugin_Install_Table extends WP_List_Table { class WP_Themes_Table extends WP_List_Table { function WP_Themes_Table() { + parent::__construct( array( + 'screen' => 'themes', + ) ); + } + + function check_permissions() { + if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) + wp_die( __( 'Cheatin’ uh?' ) ); + } + + function prepare_items() { global $ct; $ct = current_theme_info(); @@ -3758,10 +3820,6 @@ class WP_Themes_Table extends WP_List_Table { $this->items = array_slice( $themes, $start, $per_page ); - parent::__construct( array( - 'screen' => 'themes', - ) ); - $this->set_pagination_args( array( 'query_var' => 'pagenum', 'total_items' => count( $themes ), 
@@ -3885,14 +3943,21 @@ foreach ( $cols as $col => $theme_name ) { class WP_Theme_Install_Table extends WP_List_Table { function WP_Theme_Install_Table() { - include( ABSPATH . 'wp-admin/includes/theme-install.php' ); - - global $tabs, $tab, $paged, $type, $term, $theme_field_defaults; - parent::WP_List_Table( array( 'screen' => 'theme-install', ) ); + } + function check_permissions() { + if ( ! current_user_can('install_themes') ) + wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) ); + } + + function prepare_items() { + include( ABSPATH . 'wp-admin/includes/theme-install.php' ); + + global $tabs, $tab, $paged, $type, $term, $theme_field_defaults; + wp_reset_vars( array( 'tab' ) ); $paged = $this->get_pagenum(); diff --git a/wp-admin/includes/list-table.php b/wp-admin/includes/list-table.php index 9eb129d7eb..4fec2ecebe 100644 --- a/wp-admin/includes/list-table.php +++ b/wp-admin/includes/list-table.php @@ -93,6 +93,28 @@ class WP_List_Table { } } + /** + * Checks the current user's permissions + * @uses wp_die() + * + * @since 3.1.0 + * @access public + */ + function check_permissions() { + die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' ); + } + + /** + * Prepares the list of items for displaying. + * @uses WP_List_Table::set_pagination_args() + * + * @since 3.1.0 + * @access public + */ + function prepare_items() { + die( 'function WP_List_Table::prepare_items() must be over-ridden in a sub-class.' ); + } + /** * An internal method that sets all the necessary pagination arguments * @@ -568,6 +590,9 @@ class WP_List_Table { * @access public */ function ajax_response() { + $this->check_permissions(); + $this->prepare_items(); + extract( $this->_args ); extract( $this->_pagination_args ); diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index 0d68e07af5..dd5540f3a7 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php 
@@ -9,15 +9,17 @@ /** Load WordPress Administration Bootstrap */ require_once ('admin.php'); +require_once( './includes/default-list-tables.php' ); + +$table = new WP_Links_Table; +$table->check_permissions(); + // Handle bulk deletes if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) { check_admin_referer( 'bulk-bookmarks' ); $doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2']; - if ( ! current_user_can( 'manage_links' ) ) - wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) ); - if ( 'delete' == $doaction ) { $bulklinks = (array) $_REQUEST['linkcheck']; foreach ( $bulklinks as $link_id ) { @@ -33,9 +35,7 @@ if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) { exit; } -require_once( './includes/default-list-tables.php' ); - -$table = new WP_Links_Table; +$table->prepare_items(); $title = __('Links'); $this_file = $parent_file = 'link-manager.php'; diff --git a/wp-admin/network/sites.php b/wp-admin/network/sites.php index a68b82e47b..2681fb0b67 100644 --- a/wp-admin/network/sites.php +++ b/wp-admin/network/sites.php @@ -12,8 +12,10 @@ require_once( './admin.php' ); if ( ! is_multisite() ) wp_die( __( 'Multisite support is not enabled.' ) ); -if ( ! current_user_can( 'manage_sites' ) ) - wp_die( __( 'You do not have permission to access this page.' ) ); +require_once( '../includes/default-list-tables.php' ); + +$table = new WP_Sites_Table; +$table->check_permissions(); $title = __( 'Sites' ); $parent_file = 'sites.php'; @@ -348,9 +350,7 @@ switch ( $action ) { // List sites case 'list': default: - require_once( '../includes/default-list-tables.php' ); - - $table = new WP_Sites_Table; + $table->prepare_items(); require_once( '../admin-header.php' ); ?> diff --git a/wp-admin/network/users.php b/wp-admin/network/users.php index ffa9222b51..6378c74b5a 100644 --- a/wp-admin/network/users.php +++ b/wp-admin/network/users.php 
@@ -9,11 +9,11 @@ require_once( './admin.php' ); -if ( !is_multisite() ) - wp_die( __( 'Multisite support is not enabled.' ) ); +require_once( '../includes/default-list-tables.php' ); -if ( ! current_user_can( 'manage_network_users' ) ) - wp_die( __( 'You do not have permission to access this page.' ) ); +$table = new WP_MS_Users_Table; +$table->check_permissions(); +$table->prepare_items(); $title = __( 'Users' ); $parent_file = 'users.php'; @@ -32,10 +32,6 @@ add_contextual_help($current_screen, '

' . __('Support Forums') . '

' ); -require_once( '../includes/default-list-tables.php' ); - -$table = new WP_MS_Users_Table; - require_once( '../admin-header.php' ); if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) { diff --git a/wp-admin/plugin-install.php b/wp-admin/plugin-install.php index 74be3e641a..a298975bf0 100644 --- a/wp-admin/plugin-install.php +++ b/wp-admin/plugin-install.php @@ -9,12 +9,11 @@ /** WordPress Administration Bootstrap */ require_once('./admin.php'); -if ( ! current_user_can('install_plugins') ) - wp_die(__('You do not have sufficient permissions to install plugins on this site.')); - require_once( './includes/default-list-tables.php' ); $table = new WP_Plugin_Install_Table; +$table->check_permissions(); +$table->prepare_items(); $title = __('Install Plugins'); $parent_file = 'plugins.php'; diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 34e48d4a3a..e1c44d8dfc 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -8,17 +8,11 @@ /** WordPress Administration Bootstrap */ require_once('./admin.php'); -if ( is_multisite() ) { - $menu_perms = get_site_option( 'menu_items', array() ); - - if ( empty( $menu_perms['plugins'] ) ) { - if ( ! is_super_admin() ) - wp_die( __( 'Cheatin’ uh?' ) ); - } -} -if ( ! current_user_can( 'activate_plugins' ) ) - wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) ); +require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' ); + +$table = new WP_Plugins_Table; +$table->check_permissions(); if ( isset($_POST['clear-recent-list']) ) $action = 'clear-recent-list'; 
@@ -299,9 +293,16 @@ if ( !empty($action) ) { } } -require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' ); +$default_status = get_user_option( 'plugins_last_view' ); +if ( empty( $default_status ) ) + $default_status = 'all'; +$status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status; +if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) ) + $status = 'all'; +if ( $status != $default_status && 'search' != $status ) + update_user_meta( get_current_user_id(), 'plugins_last_view', $status ); -$table = new WP_Plugins_Table; +$table->prepare_items(); wp_enqueue_script('plugin-install'); add_thickbox(); diff --git a/wp-admin/theme-install.php b/wp-admin/theme-install.php index 70c1e5b79f..0bca50950e 100644 --- a/wp-admin/theme-install.php +++ b/wp-admin/theme-install.php @@ -9,12 +9,11 @@ /** WordPress Administration Bootstrap */ require_once('./admin.php'); -if ( ! current_user_can('install_themes') ) - wp_die(__('You do not have sufficient permissions to install themes on this site.')); - require_once( './includes/default-list-tables.php' ); $table = new WP_Theme_Install_Table; +$table->check_permissions(); +$table->prepare_items(); $title = __('Install Themes'); $parent_file = 'themes.php'; diff --git a/wp-admin/themes.php b/wp-admin/themes.php index 969929189b..f0de761126 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -9,8 +9,10 @@ /** WordPress Administration Bootstrap */ require_once('./admin.php'); -if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) - wp_die( __( 'Cheatin’ uh?' ) ); +require_once( './includes/default-list-tables.php' ); + +$table = new WP_Themes_Table; +$table->check_permissions(); if ( current_user_can('switch_themes') && isset($_GET['action']) ) { if ( 'activate' == $_GET['action'] ) { 
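Review bot: The allow-list for `$status` now lives only in plugins.php, yet `WP_Plugins_Table::prepare_items()` still reads it through `global $status`. `WP_List_Table::ajax_response()` calls `prepare_items()` directly, so on that path `$status` holds whatever the global happens to contain and the `in_array()` check against the known view names is never applied. How `prepare_items()` uses the value is outside this hunk, so the impact is unconfirmed. Keeping the validation inside `prepare_items()` and leaving only the `update_user_meta()` preference write in plugins.php would make the table safe to use from any entry point.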
@@ -28,9 +30,7 @@ if ( current_user_can('switch_themes') && isset($_GET['action']) ) { } } -require_once( './includes/default-list-tables.php' ); - -$table = new WP_Themes_Table; +$table->prepare_items(); $title = __('Manage Themes'); $parent_file = 'themes.php'; diff --git a/wp-admin/upload.php b/wp-admin/upload.php index 2bd5fac4b2..d488f4f356 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -9,11 +9,30 @@ /** WordPress Administration Bootstrap */ require_once( './admin.php' ); -if ( !current_user_can('upload_files') ) - wp_die(__('You do not have permission to upload files.')); +require_once( './includes/default-list-tables.php' ); + +$table = new WP_Media_Table; +$table->check_permissions(); // Handle bulk actions -if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) { +if ( isset($_REQUEST['find_detached']) ) { + check_admin_referer('bulk-media'); + + if ( !current_user_can('edit_posts') ) + wp_die( __('You are not allowed to scan for lost attachments.') ); + + $lost = $wpdb->get_col( " + SELECT ID FROM $wpdb->posts + WHERE post_type = 'attachment' AND post_parent > '0' + AND post_parent NOT IN ( + SELECT ID FROM $wpdb->posts + WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' ) + ) + " ); + + $_REQUEST['detached'] = 1; + +} elseif ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) { check_admin_referer( 'bulk-media' ); $parent_id = (int) $_REQUEST['found_post_id']; @@ -111,9 +130,7 @@ if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) { exit; } -require_once( './includes/default-list-tables.php' ); - -$table = new WP_Media_Table; +$table->prepare_items(); $title = __('Media Library'); $parent_file = 'upload.php'; diff --git a/wp-admin/users.php b/wp-admin/users.php index ca6445e5de..a7c761b4b4 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php 
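Review bot: The `find_detached` branch in upload.php builds its `NOT IN ( ... )` list by joining `get_post_types()` output straight into the SQL string. Those values are registered post type names rather than request data, so this is hardening rather than a fix, but nothing in the hunk guarantees they are free of quotes. Escaping them first keeps the query safe regardless of what a plugin registers, e.g. `join( "', '", array_map( 'esc_sql', get_post_types( array( 'public' => false ) ) ) )`. The result is also handed to `WP_Media_Table::prepare_items()` only through `global $lost`, which deserves a comment at the assignment.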
@@ -12,8 +12,10 @@ require_once( './admin.php' ); /** WordPress Registration API */ require_once( ABSPATH . WPINC . '/registration.php'); -if ( !current_user_can('list_users') ) - wp_die(__('Cheatin’ uh?')); +require_once( './includes/default-list-tables.php' ); + +$table = new WP_Users_Table; +$table->check_permissions(); $title = __('Users'); $parent_file = 'users.php'; @@ -306,9 +308,7 @@ default: exit; } - require_once( './includes/default-list-tables.php' ); - - $table = new WP_Users_Table; + $table->prepare_items(); include('./admin-header.php'); diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 350cdce10a..28f501f038 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -2656,9 +2656,12 @@ function wp_nonce_ays( $action ) { * @param string|array $args Optional arguements to control behaviour. */ function wp_die( $message, $title = '', $args = array() ) { + if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) + die('-1'); + if ( function_exists( 'apply_filters' ) ) { $function = apply_filters( 'wp_die_handler', '_default_wp_die_handler'); - }else { + } else { $function = '_default_wp_die_handler'; }
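Review bot: The new `DOING_AJAX` short-circuit in `wp_die()` runs before the `wp_die_handler` filter and discards `$message`, `$title` and `$args`, but the docblock above the function still describes only the normal path. Every permission failure raised through `check_permissions()` during an AJAX request therefore reaches the client as the bare string `-1`, and custom handlers are never consulted. Add a docblock line such as `* During AJAX requests (DOING_AJAX) the message is discarded and the script exits with '-1' before the wp_die_handler filter runs.`, so callers know not to rely on the message text in that context.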