From 266cd3f5dfb0d92b11dcaeab091b043cfe864ed8 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Thu, 16 Dec 2010 09:18:28 +0000
Subject: [PATCH] Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16992 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/admin-ajax.php | 16 ++++++++++++----
 .../includes/class-wp-comments-list-table.php | 5 ++---
 wp-admin/includes/class-wp-links-list-table.php | 5 ++---
 wp-admin/includes/class-wp-list-table.php | 4 ++--
 wp-admin/includes/class-wp-media-list-table.php | 5 ++---
 .../includes/class-wp-ms-sites-list-table.php | 5 ++---
 .../includes/class-wp-ms-themes-list-table.php | 9 +++++----
 .../includes/class-wp-ms-users-list-table.php | 5 ++---
 .../class-wp-plugin-install-list-table.php | 5 ++---
 .../includes/class-wp-plugins-list-table.php | 7 +++----
 wp-admin/includes/class-wp-posts-list-table.php | 5 ++---
 wp-admin/includes/class-wp-terms-list-table.php | 6 ++----
 .../class-wp-theme-install-list-table.php | 5 ++---
 wp-admin/includes/class-wp-themes-list-table.php | 5 ++---
 wp-admin/includes/class-wp-users-list-table.php | 11 +++++------
 15 files changed, 47 insertions(+), 51 deletions(-)
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index ce3a5be42b..0979971488 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -61,7 +61,9 @@ case 'fetch-list' :
 if ( ! $wp_list_table ) die( '0' );
- $wp_list_table->check_permissions();
+ if ( ! $wp_list_table->ajax_user_can() )
+ die( '-1' );
+ $wp_list_table->ajax_response();
 die( '0' );
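Review bot: The new `die( '-1' )` before `ajax_response()` is where the permission-denied code for fetch-list is produced, and nothing in the hunk says what that code means to the JavaScript caller or why it differs from the `'0'` used two lines earlier; a comment such as `// -1: current user lacks the capability this list table requires (see WP_List_Table::ajax_user_can())` would make the contract visible. Note that `'0'` is emitted both when no list table could be built and after a successful `ajax_response()`, so a client cannot distinguish those two outcomes from the code alone. The `case 'fetch-list'` body begins before the hunk, so whether a nonce check precedes this point is not visible here.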
@@ -1200,12 +1202,18 @@ case 'inline-save':
 case 'inline-save-tax':
 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
- set_current_screen( 'edit-' . $_POST['taxonomy'] );
+ $taxonomy = sanitize_key( $_POST['taxonomy'] );
+ $tax = get_taxonomy( $taxonomy );
+ if ( ! $tax )
+ die( '0' );
+
+ if ( ! current_user_can( $tax->cap->edit_terms ) )
+ die( '-1' );
+
+ set_current_screen( 'edit-' . $taxonomy );
 $wp_list_table = get_list_table('WP_Terms_List_Table');
- $wp_list_table->check_permissions('edit');
- if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) die(-1);
diff --git a/wp-admin/includes/class-wp-comments-list-table.php b/wp-admin/includes/class-wp-comments-list-table.php
index 84134dfb32..548db676f0 100644
--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -33,9 +33,8 @@ class WP_Comments_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
- if ( !current_user_can('edit_posts') )
- wp_die(__('Cheatin’ uh?'));
+ function ajax_user_can() {
+ return current_user_can('edit_posts');
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-links-list-table.php b/wp-admin/includes/class-wp-links-list-table.php
index 627d5be491..cf27dfe7e9 100644
--- a/wp-admin/includes/class-wp-links-list-table.php
+++ b/wp-admin/includes/class-wp-links-list-table.php
@@ -14,9 +14,8 @@ class WP_Links_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
- if ( ! current_user_can( 'manage_links' ) )
- wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+ function ajax_user_can() {
+ return current_user_can( 'manage_links' );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-list-table.php b/wp-admin/includes/class-wp-list-table.php
index 96ef18136c..fa24925e0a 100644
--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
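Review bot: The first added line, `sanitize_key( $_POST['taxonomy'] )`, reads the key with no `isset` guard, so a request that omits it raises an undefined-index notice into the Ajax response body before `get_taxonomy()` returns false and the `die( '0' )` fires; `$taxonomy = isset( $_POST['taxonomy'] ) ? sanitize_key( $_POST['taxonomy'] ) : '';` keeps the fail-closed behaviour without the stray output. Checking `$tax->cap->edit_terms` directly here is the right replacement for the removed `check_permissions('edit')`, since the list table's new `ajax_user_can()` only knows about `manage_terms`. The denial is written as `die( '-1' )` while the existing `tax_ID` check just below uses `die(-1)`; settling on one form keeps the client-side parsing uniform. The `case 'inline-save-tax'` body continues past the end of the hunk.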
@@ -105,8 +105,8 @@ class WP_List_Table {
 * @since 3.1.0
 * @access public
 */
- function check_permissions() {
- die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
+ function ajax_user_can() {
+ die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
 }
 /**
diff --git a/wp-admin/includes/class-wp-media-list-table.php b/wp-admin/includes/class-wp-media-list-table.php
index 2f313566b5..3cb89b5af9 100644
--- a/wp-admin/includes/class-wp-media-list-table.php
+++ b/wp-admin/includes/class-wp-media-list-table.php
@@ -16,9 +16,8 @@ class WP_Media_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
- if ( !current_user_can('upload_files') )
- wp_die( __( 'You do not have permission to upload files.' ) );
+ function ajax_user_can() {
+ return current_user_can('upload_files');
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-ms-sites-list-table.php b/wp-admin/includes/class-wp-ms-sites-list-table.php
index 2edcb94fc8..d54695fa5d 100644
--- a/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -14,9 +14,8 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
- if ( ! current_user_can( 'manage_sites' ) )
- wp_die( __( 'You do not have permission to access this page.' ) );
+ function ajax_user_can() {
+ return current_user_can( 'manage_sites' );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-ms-themes-list-table.php b/wp-admin/includes/class-wp-ms-themes-list-table.php
index ffa91c7891..e6e15d8c88 100644
--- a/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/wp-admin/includes/class-wp-ms-themes-list-table.php
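Review bot: The docblock above the renamed stub (`@since 3.1.0`, `@access public`) is left untouched and says nothing about the new contract, even though every subclass in this patch now returns a boolean that admin-ajax.php turns into `die( '-1' )`; the block should gain `@return bool Whether the current user may fetch this table over Ajax.` The base implementation still `die()`s with a developer-facing string rather than returning `false`, so a subclass that forgets the override answers the Ajax request with an internal diagnostic instead of the `'-1'` denial; `return false;` here, with the diagnostic logged rather than printed, would keep the failure closed and the response format uniform. The docblock opening line sits above the hunk, so its first sentence is not visible here.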
@@ -36,16 +36,17 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
+ function ajax_user_can() {
 $menu_perms = get_site_option( 'menu_items', array() );
 if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin’ uh?' ) );
+ return false;
 if ( $this->is_site_themes && !current_user_can('manage_sites') )
- wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
+ return false;
 elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
- wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
+ return false;
+ return true;
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-ms-users-list-table.php b/wp-admin/includes/class-wp-ms-users-list-table.php
index 1b32986339..8c5415a75d 100644
--- a/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -8,9 +8,8 @@ */
 class WP_MS_Users_List_Table extends WP_List_Table {
- function check_permissions() {
- if ( ! current_user_can( 'manage_network_users' ) )
- wp_die( __( 'You do not have permission to access this page.' ) );
+ function ajax_user_can() {
+ return current_user_can( 'manage_network_users' );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-plugin-install-list-table.php b/wp-admin/includes/class-wp-plugin-install-list-table.php
index 8eabfdc870..ccd94877ea 100644
--- a/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -8,9 +8,8 @@ */
 class WP_Plugin_Install_List_Table extends WP_List_Table {
- function check_permissions() {
- if ( ! current_user_can('install_plugins') )
- wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+ function ajax_user_can() {
+ return current_user_can('install_plugins');
 }
 function prepare_items() {
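Review bot: In `WP_MS_Themes_List_Table::ajax_user_can()` the `elseif` now follows a `return false;`, so it behaves as a plain `if`, and the two mutually exclusive capability branches plus the trailing `return true;` spell out one boolean; after the `menu_items` check the body reduces to `$cap = $this->is_site_themes ? 'manage_sites' : 'manage_network_themes'; return current_user_can( $cap );`. The same `else`-after-`return` shape appears in the `WP_Users_List_Table` hunk at the end of the patch, where `return current_user_can( $this->is_site_users ? 'manage_sites' : 'list_users' );` does the same job in one line. Collapsing them also removes the risk of a future branch being added between the returns without a matching denial.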
diff --git a/wp-admin/includes/class-wp-plugins-list-table.php b/wp-admin/includes/class-wp-plugins-list-table.php
index 669ea98756..de7ea828c6 100644
--- a/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/wp-admin/includes/class-wp-plugins-list-table.php
@@ -27,16 +27,15 @@ class WP_Plugins_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
+ function ajax_user_can() {
 if ( is_multisite() ) {
 $menu_perms = get_site_option( 'menu_items', array() );
 if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin’ uh?' ) );
+ return false;
 }
- if ( !current_user_can('activate_plugins') )
- wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+ return current_user_can('activate_plugins');
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-posts-list-table.php b/wp-admin/includes/class-wp-posts-list-table.php
index eebaa8522d..3782ba61b1 100644
--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -78,11 +78,10 @@ class WP_Posts_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
+ function ajax_user_can() {
 global $post_type_object;
- if ( !current_user_can( $post_type_object->cap->edit_posts ) )
- wp_die( __( 'Cheatin’ uh?' ) );
+ return current_user_can( $post_type_object->cap->edit_posts );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-terms-list-table.php b/wp-admin/includes/class-wp-terms-list-table.php
index b2cf4ed9bf..c87ae69df6 100644
--- a/wp-admin/includes/class-wp-terms-list-table.php
+++ b/wp-admin/includes/class-wp-terms-list-table.php
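Review bot: `WP_Posts_List_Table::ajax_user_can()` dereferences `global $post_type_object` without checking that it is set; in the Ajax entry point that global is populated only if earlier code did so (not visible in this patch), and on an unset global `$post_type_object->cap->edit_posts` emits a notice into the response and hands `null` to `current_user_can()`, so the denial then depends on how a null capability is treated rather than on an explicit decision. A guard such as `if ( empty( $post_type_object ) ) return false;` before the return makes the failure closed and the output clean. The `WP_Terms_List_Table` hunk in the next file has the same dependency on `global $tax` and would benefit from the same guard.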
@@ -32,12 +32,10 @@ class WP_Terms_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions( $type = '' ) {
+ function ajax_user_can() {
 global $tax;
- $cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms;
- if ( !current_user_can( $cap ) )
- wp_die( __( 'Cheatin’ uh?' ) );
+ return current_user_can( $tax->cap->manage_terms );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-theme-install-list-table.php b/wp-admin/includes/class-wp-theme-install-list-table.php
index 3fc504c2b3..3234821f71 100644
--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -8,9 +8,8 @@ */
 class WP_Theme_Install_List_Table extends WP_List_Table {
- function check_permissions() {
- if ( ! current_user_can('install_themes') )
- wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+ function ajax_user_can() {
+ return current_user_can('install_themes');
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-themes-list-table.php b/wp-admin/includes/class-wp-themes-list-table.php
index 586a29a03e..24c38621e6 100644
--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -11,10 +11,9 @@ class WP_Themes_List_Table extends WP_List_Table {
 var $search = array();
 var $features = array();
- function check_permissions() {
+ function ajax_user_can() {
 // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
- if ( !current_user_can('switch_themes') )
- wp_die( __( 'Cheatin’ uh?' ) );
+ return current_user_can('switch_themes');
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php
index 3a03cecaf3..3c92ceb051 100644
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -24,12 +24,11 @@ class WP_Users_List_Table extends WP_List_Table {
 ) );
 }
- function check_permissions() {
- if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
- wp_die( __( 'Cheatin’ uh?' ) );
-
- if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
- wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
+ function ajax_user_can() {
+ if ( $this->is_site_users )
+ return current_user_can( 'manage_sites' );
+ else
+ return current_user_can( 'list_users' );
 }
 function prepare_items() {