Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-12-16 08:43:22 +00:00
parent a132ad0ced
commit cc08068dba
19 changed files with 38 additions and 38 deletions

View File

@ -12,7 +12,6 @@ if ( !current_user_can('edit_posts') )
wp_die(__('Cheatin’ uh?'));
$wp_list_table = get_list_table('WP_Comments_List_Table');
$wp_list_table->check_permissions();
$pagenum = $wp_list_table->get_pagenum();
$doaction = $wp_list_table->current_action();

View File

@ -13,7 +13,6 @@ if ( !current_user_can( $tax->cap->manage_terms ) )
wp_die( __( 'Cheatin’ uh?' ) );
$wp_list_table = get_list_table('WP_Terms_List_Table');
$wp_list_table->check_permissions();
$title = $tax->labels->name;

View File

@ -24,7 +24,6 @@ if ( !current_user_can($post_type_object->cap->edit_posts) )
wp_die(__('Cheatin’ uh?'));
$wp_list_table = get_list_table('WP_Posts_List_Table');
$wp_list_table->check_permissions();
$pagenum = $wp_list_table->get_pagenum();
// Back-compat for viewing comments of an entry

View File

@ -39,10 +39,8 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
function check_permissions() {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) ) {
if ( !is_super_admin() )
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) );
}
if ( $this->is_site_themes && !current_user_can('manage_sites') )
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );

View File

@ -31,11 +31,9 @@ class WP_Plugins_List_Table extends WP_List_Table {
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) ) {
if ( !is_super_admin() )
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) );
}
}
if ( !current_user_can('activate_plugins') )
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );

View File

@ -12,7 +12,8 @@ class WP_Themes_List_Table extends WP_List_Table {
var $features = array();
function check_permissions() {
if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
// Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
if ( !current_user_can('switch_themes') )
wp_die( __( 'Cheatin’ uh?' ) );
}

View File

@ -25,7 +25,7 @@ class WP_Users_List_Table extends WP_List_Table {
}
function check_permissions() {
if ( !current_user_can('list_users') )
if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
wp_die( __( 'Cheatin’ uh?' ) );
if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )

View File

@ -12,7 +12,6 @@ if ( ! current_user_can( 'manage_links' ) )
wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
$wp_list_table = get_list_table('WP_Links_List_Table');
$wp_list_table->check_permissions();
// Handle bulk deletes
$doaction = $wp_list_table->current_action();

View File

@ -15,10 +15,8 @@ if ( ! is_multisite() )
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) ) {
if ( !is_super_admin() )
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) );
}
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
@ -34,7 +32,6 @@ add_contextual_help($current_screen,
);
$wp_list_table = get_list_table('WP_MS_Themes_List_Table');
$wp_list_table->check_permissions();
$action = $wp_list_table->current_action();

View File

@ -17,7 +17,6 @@ if ( ! current_user_can('manage_sites') )
wp_die(__('You do not have sufficient permissions to edit this site.'));
$wp_list_table = get_list_table('WP_Users_List_Table');
$wp_list_table->check_permissions();
$wp_list_table->prepare_items();
$action = $wp_list_table->current_action();

View File

@ -13,8 +13,10 @@ require_once( './admin.php' );
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
$wp_list_table = get_list_table('WP_MS_Sites_List_Table');
$wp_list_table->check_permissions();
$title = __( 'Sites' );
$parent_file = 'sites.php';

View File

@ -15,16 +15,13 @@ if ( ! is_multisite() )
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) ) {
if ( !is_super_admin() )
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) );
}
if ( !current_user_can('manage_network_themes') )
wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
$wp_list_table = get_list_table('WP_MS_Themes_List_Table');
$wp_list_table->check_permissions();
$action = $wp_list_table->current_action();

View File

@ -13,8 +13,10 @@ require_once( './admin.php' );
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
$wp_list_table = get_list_table('WP_MS_Users_List_Table');
$wp_list_table->check_permissions();
$wp_list_table->prepare_items();
$title = __( 'Users' );

View File

@ -11,6 +11,7 @@ if ( !defined( 'IFRAME_REQUEST' ) && isset( $_GET['tab'] ) && ( 'plugin-informat
/** WordPress Administration Bootstrap */
require_once('./admin.php');
if ( ! current_user_can('install_plugins') )
wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
@ -20,7 +21,6 @@ if ( is_multisite() && ! is_network_admin() ) {
}
$wp_list_table = get_list_table('WP_Plugin_Install_List_Table');
$wp_list_table->check_permissions();
$wp_list_table->prepare_items();
$title = __('Install Plugins');

View File

@ -9,11 +9,17 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) );
}
if ( !current_user_can('activate_plugins') )
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
$wp_list_table = get_list_table('WP_Plugins_List_Table');
$wp_list_table->check_permissions();
$action = $wp_list_table->current_action();

View File

@ -11,6 +11,7 @@ if ( !defined( 'IFRAME_REQUEST' ) && isset( $_GET['tab'] ) && ( 'theme-informati
/** WordPress Administration Bootstrap */
require_once('./admin.php');
if ( ! current_user_can('install_themes') )
wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
@ -20,7 +21,6 @@ if ( is_multisite() && ! is_network_admin() ) {
}
$wp_list_table = get_list_table('WP_Theme_Install_List_Table');
$wp_list_table->check_permissions();
$wp_list_table->prepare_items();
$title = __('Install Themes');

View File

@ -8,11 +8,11 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
wp_die( __( 'Cheatin’ uh?' ) );
$wp_list_table = get_list_table('WP_Themes_List_Table');
$wp_list_table->check_permissions();
if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
if ( 'activate' == $_GET['action'] ) {

View File

@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */
require_once( './admin.php' );
if ( !current_user_can('upload_files') )
wp_die( __( 'You do not have permission to upload files.' ) );
$wp_list_table = get_list_table('WP_Media_List_Table');
$wp_list_table->check_permissions();
// Handle bulk actions
$doaction = $wp_list_table->current_action();

View File

@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */
require_once( './admin.php' );
if ( ! current_user_can( 'list_users' ) )
wp_die( __( 'Cheatin’ uh?' ) );
$wp_list_table = get_list_table('WP_Users_List_Table');
$wp_list_table->check_permissions();
$title = __('Users');
$parent_file = 'users.php';