The `query-attachments` AJAX action immediately errors out if the user doesn't have the `upload_files` cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.

See #32654.

Built from https://develop.svn.wordpress.org/trunk@32913


git-svn-id: http://core.svn.wordpress.org/trunk@32884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-06-23 18:20:27 +00:00
parent 3ffe2a059d
commit f61501f57f
4 changed files with 11 additions and 4 deletions

View File

@ -259,6 +259,7 @@ class Custom_Background {
</tr> </tr>
<?php endif; ?> <?php endif; ?>
<?php if ( current_user_can( 'upload_files' ) ): ?>
<tr> <tr>
<th scope="row"><?php _e('Select Image'); ?></th> <th scope="row"><?php _e('Select Image'); ?></th>
<td><form enctype="multipart/form-data" id="upload-form" class="wp-upload-form" method="post"> <td><form enctype="multipart/form-data" id="upload-form" class="wp-upload-form" method="post">
@ -278,6 +279,7 @@ class Custom_Background {
</form> </form>
</td> </td>
</tr> </tr>
<?php endif; ?>
</tbody> </tbody>
</table> </table>

View File

@ -509,7 +509,7 @@ class Custom_Image_Header {
</tr> </tr>
<?php endif; ?> <?php endif; ?>
<?php if ( current_theme_supports( 'custom-header', 'uploads' ) ) : ?> <?php if ( current_user_can( 'upload_files' ) && current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
<tr> <tr>
<th scope="row"><?php _e( 'Select Image' ); ?></th> <th scope="row"><?php _e( 'Select Image' ); ?></th>
<td> <td>

View File

@ -721,6 +721,7 @@ class WP_Customize_Media_Control extends WP_Customize_Control {
$this->json['label'] = html_entity_decode( $this->label, ENT_QUOTES, get_bloginfo( 'charset' ) ); $this->json['label'] = html_entity_decode( $this->label, ENT_QUOTES, get_bloginfo( 'charset' ) );
$this->json['mime_type'] = $this->mime_type; $this->json['mime_type'] = $this->mime_type;
$this->json['button_labels'] = $this->button_labels; $this->json['button_labels'] = $this->button_labels;
$this->json['canUpload'] = current_user_can( 'upload_files' );
$value = $this->value(); $value = $this->value();
@ -823,9 +824,11 @@ class WP_Customize_Media_Control extends WP_Customize_Control {
</div> </div>
</div> </div>
<div class="actions"> <div class="actions">
<# if ( data.canUpload ) { #>
<button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button> <button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button>
<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['change']; ?></button> <button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['change']; ?></button>
<div style="clear:both"></div> <div style="clear:both"></div>
<# } #>
</div> </div>
<# } else { #> <# } else { #>
<div class="current"> <div class="current">
@ -843,7 +846,9 @@ class WP_Customize_Media_Control extends WP_Customize_Control {
<# if ( data.defaultAttachment ) { #> <# if ( data.defaultAttachment ) { #>
<button type="button" class="button default-button"><?php echo $this->button_labels['default']; ?></button> <button type="button" class="button default-button"><?php echo $this->button_labels['default']; ?></button>
<# } #> <# } #>
<# if ( data.canUpload ) { #>
<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['select']; ?></button> <button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['select']; ?></button>
<# } #>
<div style="clear:both"></div> <div style="clear:both"></div>
</div> </div>
<# } #> <# } #>
@ -1158,8 +1163,6 @@ class WP_Customize_Header_Image_Control extends WP_Customize_Image_Control {
$width = absint( get_theme_support( 'custom-header', 'width' ) ); $width = absint( get_theme_support( 'custom-header', 'width' ) );
$height = absint( get_theme_support( 'custom-header', 'height' ) ); $height = absint( get_theme_support( 'custom-header', 'height' ) );
?> ?>
<div class="customize-control-content"> <div class="customize-control-content">
<p class="customizer-section-intro"> <p class="customizer-section-intro">
<?php <?php
@ -1180,11 +1183,13 @@ class WP_Customize_Header_Image_Control extends WP_Customize_Image_Control {
</div> </div>
</div> </div>
<div class="actions"> <div class="actions">
<?php if ( current_user_can( 'upload_files' ) ): ?>
<?php /* translators: Hide as in hide header image via the Customizer */ ?> <?php /* translators: Hide as in hide header image via the Customizer */ ?>
<button type="button"<?php echo $visibility ?> class="button remove"><?php _ex( 'Hide image', 'custom header' ); ?></button> <button type="button"<?php echo $visibility ?> class="button remove"><?php _ex( 'Hide image', 'custom header' ); ?></button>
<?php /* translators: New as in add new header image via the Customizer */ ?> <?php /* translators: New as in add new header image via the Customizer */ ?>
<button type="button" class="button new"><?php _ex( 'Add new image', 'header image' ); ?></button> <button type="button" class="button new"><?php _ex( 'Add new image', 'header image' ); ?></button>
<div style="clear:both"></div> <div style="clear:both"></div>
<?php endif; ?>
</div> </div>
<div class="choices"> <div class="choices">
<span class="customize-control-title header-previously-uploaded"> <span class="customize-control-title header-previously-uploaded">

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.3-alpha-32912'; $wp_version = '4.3-alpha-32913';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.