Replace check_permissions() with ajax_user_can(). The new method returns the true/false result of current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16992 602fd350-edb4-49c9-b593-d223f7449a82
parent
8661cbc56e
commit
266cd3f5df
@ -61,7 +61,9 @@ case 'fetch-list' :
|
|||||||
if ( ! $wp_list_table )
|
if ( ! $wp_list_table )
|
||||||
die( '0' );
|
die( '0' );
|
||||||
|
|
||||||
$wp_list_table->check_permissions();
|
if ( ! $wp_list_table->ajax_user_can() )
|
||||||
|
die( '-1' );
|
||||||
|
|
||||||
$wp_list_table->ajax_response();
|
$wp_list_table->ajax_response();
|
||||||
|
|
||||||
die( '0' );
|
die( '0' );
|
||||||
@ -1200,12 +1202,18 @@ case 'inline-save':
|
|||||||
case 'inline-save-tax':
|
case 'inline-save-tax':
|
||||||
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
|
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
|
||||||
|
|
||||||
set_current_screen( 'edit-' . $_POST['taxonomy'] );
|
$taxonomy = sanitize_key( $_POST['taxonomy'] );
|
||||||
|
$tax = get_taxonomy( $taxonomy );
|
||||||
|
if ( ! $tax )
|
||||||
|
die( '0' );
|
||||||
|
|
||||||
|
if ( ! current_user_can( $tax->cap->edit_terms ) )
|
||||||
|
die( '-1' );
|
||||||
|
|
||||||
|
set_current_screen( 'edit-' . $taxonomy );
|
||||||
|
|
||||||
$wp_list_table = get_list_table('WP_Terms_List_Table');
|
$wp_list_table = get_list_table('WP_Terms_List_Table');
|
||||||
|
|
||||||
$wp_list_table->check_permissions('edit');
|
|
||||||
|
|
||||||
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
|
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
|
||||||
die(-1);
|
die(-1);
|
||||||
|
|
||||||
|
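Review bot: `$_POST['taxonomy']` is read unguarded in the new inline-save-tax code (`$taxonomy = sanitize_key( $_POST['taxonomy'] );`), so a request without that field raises an undefined-index notice before `get_taxonomy()` fails; guard it as `$taxonomy = isset( $_POST['taxonomy'] ) ? sanitize_key( $_POST['taxonomy'] ) : '';` so the existing `if ( ! $tax ) die( '0' );` covers the missing case. The capability check that follows fails closed, which is the right shape. Separately, the unchanged `die(-1);` a few lines below passes an integer, which PHP uses as the process exit status rather than printing, whereas the new `die( '-1' );` in the fetch-list hunk prints the string; the client receives an empty body from the first and `-1` from the second, so the integer form is probably worth aligning with the string form. The `case` block continues outside the hunk.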
@ -33,9 +33,8 @@ class WP_Comments_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( !current_user_can('edit_posts') )
|
return current_user_can('edit_posts');
|
||||||
wp_die(__('Cheatin’ uh?'));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
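Review bot: `ajax_user_can()` carries no docblock in this hunk, and since the method now returns a value that admin-ajax acts on, its contract should be stated; add a docblock above it such as `/** @return bool Whether the current user may fetch this list table over AJAX. */`. The same applies to the `ajax_user_can()` hunks for WP_Links_List_Table, WP_Media_List_Table, WP_MS_Sites_List_Table, WP_MS_Themes_List_Table, WP_MS_Users_List_Table, WP_Plugin_Install_List_Table, WP_Plugins_List_Table, WP_Posts_List_Table, WP_Terms_List_Table, WP_Theme_Install_List_Table, WP_Themes_List_Table and WP_Users_List_Table. That comment is also the place to note that the method no longer terminates the request, so a caller still expecting the old `wp_die()` behaviour of `check_permissions()` would continue past a failed check unless it tests the return value.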
@ -14,9 +14,8 @@ class WP_Links_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! current_user_can( 'manage_links' ) )
|
return current_user_can( 'manage_links' );
|
||||||
wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -105,8 +105,8 @@ class WP_List_Table {
|
|||||||
* @since 3.1.0
|
* @since 3.1.0
|
||||||
* @access public
|
* @access public
|
||||||
*/
|
*/
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
|
die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
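Review bot: The base `ajax_user_can()` still `die()`s with a developer-facing message (`die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );`) although the method's new contract is a boolean that the admin-ajax caller turns into `die( '-1' )`; a subclass that forgets to override it therefore sends that prose string to the AJAX client instead of the `-1` every other denial produces. If the loud failure is intended as a developer signal, keep it but say so in the docblock; otherwise `return false;` fails closed through the same path as the subclasses. Either way the docblock, whose `@since 3.1.0` / `@access public` tail is visible here but whose start lies outside the hunk, should gain `@return bool`.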
@ -16,9 +16,8 @@ class WP_Media_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( !current_user_can('upload_files') )
|
return current_user_can('upload_files');
|
||||||
wp_die( __( 'You do not have permission to upload files.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -14,9 +14,8 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! current_user_can( 'manage_sites' ) )
|
return current_user_can( 'manage_sites' );
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -36,16 +36,17 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
$menu_perms = get_site_option( 'menu_items', array() );
|
$menu_perms = get_site_option( 'menu_items', array() );
|
||||||
|
|
||||||
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
|
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
return false;
|
||||||
|
|
||||||
if ( $this->is_site_themes && !current_user_can('manage_sites') )
|
if ( $this->is_site_themes && !current_user_can('manage_sites') )
|
||||||
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
|
return false;
|
||||||
elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
|
elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
|
||||||
wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
|
return false;
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
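Review bot: The `if ( ... ) return false; elseif ( ... ) return false; return true;` sequence at the end of `ajax_user_can()` expresses the two capability checks through their negations; after the unchanged `$menu_perms` early return the branch reads more directly as `if ( $this->is_site_themes )` / `return current_user_can( 'manage_sites' );` / `return current_user_can( 'manage_network_themes' );`. Behaviour is identical, since the two conditions are mutually exclusive on `$this->is_site_themes`.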
@ -8,9 +8,8 @@
|
|||||||
*/
|
*/
|
||||||
class WP_MS_Users_List_Table extends WP_List_Table {
|
class WP_MS_Users_List_Table extends WP_List_Table {
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! current_user_can( 'manage_network_users' ) )
|
return current_user_can( 'manage_network_users' );
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -8,9 +8,8 @@
|
|||||||
*/
|
*/
|
||||||
class WP_Plugin_Install_List_Table extends WP_List_Table {
|
class WP_Plugin_Install_List_Table extends WP_List_Table {
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! current_user_can('install_plugins') )
|
return current_user_can('install_plugins');
|
||||||
wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -27,16 +27,15 @@ class WP_Plugins_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( is_multisite() ) {
|
if ( is_multisite() ) {
|
||||||
$menu_perms = get_site_option( 'menu_items', array() );
|
$menu_perms = get_site_option( 'menu_items', array() );
|
||||||
|
|
||||||
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
|
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !current_user_can('activate_plugins') )
|
return current_user_can('activate_plugins');
|
||||||
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -78,11 +78,10 @@ class WP_Posts_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
global $post_type_object;
|
global $post_type_object;
|
||||||
|
|
||||||
if ( !current_user_can( $post_type_object->cap->edit_posts ) )
|
return current_user_can( $post_type_object->cap->edit_posts );
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
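Review bot: `ajax_user_can()` dereferences `global $post_type_object` without a guard (`return current_user_can( $post_type_object->cap->edit_posts );`), so if the global is not populated by the time the fetch-list handler calls it, the method emits a notice and passes null to `current_user_can()` instead of denying cleanly; whether admin-ajax sets it before that call is not visible in this diff, so please confirm. A first line of `if ( empty( $post_type_object ) ) return false;` keeps the method failing closed either way. WP_Terms_List_Table::ajax_user_can() in this commit has the same shape with `global $tax` (`return current_user_can( $tax->cap->manage_terms );`) and would take the same guard.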
@ -32,12 +32,10 @@ class WP_Terms_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions( $type = '' ) {
|
function ajax_user_can() {
|
||||||
global $tax;
|
global $tax;
|
||||||
|
|
||||||
$cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms;
|
return current_user_can( $tax->cap->manage_terms );
|
||||||
if ( !current_user_can( $cap ) )
|
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -8,9 +8,8 @@
|
|||||||
*/
|
*/
|
||||||
class WP_Theme_Install_List_Table extends WP_List_Table {
|
class WP_Theme_Install_List_Table extends WP_List_Table {
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! current_user_can('install_themes') )
|
return current_user_can('install_themes');
|
||||||
wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -11,10 +11,9 @@ class WP_Themes_List_Table extends WP_List_Table {
|
|||||||
var $search = array();
|
var $search = array();
|
||||||
var $features = array();
|
var $features = array();
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
// Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
|
// Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
|
||||||
if ( !current_user_can('switch_themes') )
|
return current_user_can('switch_themes');
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
@ -24,12 +24,11 @@ class WP_Users_List_Table extends WP_List_Table {
|
|||||||
) );
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_permissions() {
|
function ajax_user_can() {
|
||||||
if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
|
if ( $this->is_site_users )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
return current_user_can( 'manage_sites' );
|
||||||
|
else
|
||||||
if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
|
return current_user_can( 'list_users' );
|
||||||
wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function prepare_items() {
|
function prepare_items() {
|
||||||
|
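Review bot: The `else` after a `return` in `ajax_user_can()` is redundant; the body reduces to `return current_user_can( $this->is_site_users ? 'manage_sites' : 'list_users' );`, which is the same two-way decision the old `check_permissions()` encoded with two `wp_die()` guards. The class continues outside the hunk.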