From d817ad9b55e8f77a0363e6bbace6826464ef77ca Mon Sep 17 00:00:00 2001
From: Andrew Ozz <admin@laptoptips.ca>
Date: Fri, 13 Nov 2020 16:57:13 +0000
Subject: [PATCH] Upgrade/Install: Ensure the current user can update core when
 saving the auto-update options.

See #51742.
Built from https://develop.svn.wordpress.org/trunk@49593


git-svn-id: http://core.svn.wordpress.org/trunk@49331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/update-core.php | 5 +++++
 wp-includes/version.php  | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
index dfd7b06a5a..5a4a8d369f 100644
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -1205,6 +1205,11 @@ if ( 'upgrade-core' === $action ) {
 	require_once ABSPATH . 'wp-admin/admin-footer.php';
 
 } elseif ( 'core-major-auto-updates-settings' === $action ) {
+
+	if ( ! current_user_can( 'update_core' ) ) {
+		wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
+	}
+
 	$redirect_url = self_admin_url( 'update-core.php' );
 
 	if ( isset( $_GET['value'] ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 8968c90e6c..9af0051f34 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.6-beta4-49592';
+$wp_version = '5.6-beta4-49593';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.