From 322991024f63fb248b2e048384b332f053e2a3c9 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Wed, 27 Aug 2014 01:31:05 +0000 Subject: [PATCH] Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters. Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes. Also: * Use the same nice design for the plugin upload screen as the theme upload screen. * Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578. * Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button. * Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'. fixes #29236. git-svn-id: https://develop.svn.wordpress.org/trunk@29634 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/css/themes.css | 12 ++++-- .../class-wp-plugin-install-list-table.php | 12 +++++- src/wp-admin/includes/plugin-install.php | 3 +- src/wp-admin/plugin-install.php | 24 ++++++++---- src/wp-admin/theme-install.php | 39 +++++++++---------- src/wp-admin/update.php | 6 ++- src/wp-includes/capabilities.php | 13 +++++-- 7 files changed, 70 insertions(+), 39 deletions(-) diff --git a/src/wp-admin/css/themes.css b/src/wp-admin/css/themes.css index 77ab5be359..9a64086ad3 100644 --- a/src/wp-admin/css/themes.css +++ b/src/wp-admin/css/themes.css @@ -1091,7 +1091,8 @@ body.folded .theme-overlay .theme-wrap { .theme-install-php.show-upload-theme a.browse-themes { display: inline; } -.upload-theme { +.upload-theme, +.upload-plugin { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; 
@@ -1103,17 +1104,20 @@ body.folded .theme-overlay .theme-wrap { position: relative; top: 10px; } -body.show-upload-theme .upload-theme { +body.show-upload-theme .upload-theme, +.upload-plugin { display: block; } -.upload-theme .wp-upload-form { +.upload-theme .wp-upload-form, +.upload-plugin .wp-upload-form { background: #fafafa; border: 1px solid #e5e5e5; padding: 30px; margin: 30px auto; max-width: 380px; } -.upload-theme .install-help { +.upload-theme .install-help, +.upload-plugin .install-help { color: #999; font-size: 18px; font-style: normal; diff --git a/src/wp-admin/includes/class-wp-plugin-install-list-table.php b/src/wp-admin/includes/class-wp-plugin-install-list-table.php index 84c34c714f..ec60584b6c 100644 --- a/src/wp-admin/includes/class-wp-plugin-install-list-table.php +++ b/src/wp-admin/includes/class-wp-plugin-install-list-table.php @@ -69,8 +69,13 @@ class WP_Plugin_Install_List_Table extends WP_List_Table { if ( $tab === 'beta' || false !== strpos( $GLOBALS['wp_version'], '-' ) ) { $tabs['beta'] = _x( 'Beta Testing', 'Plugin Installer' ); } + if ( current_user_can( 'upload_plugins' ) ) { + // No longer a real tab. Here for filter compatibility. + // Gets juggled into $nonmenu_tabs below. + $tabs['upload'] = __( 'Upload Plugin' ); + } - $nonmenu_tabs = array( 'upload', 'plugin-information' ); //Valid actions to perform which do not have a Menu item. + $nonmenu_tabs = array( 'plugin-information' ); // Valid actions to perform which do not have a Menu item. /** * Filter the tabs shown on the Plugin Install screen. 
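Review bot: Callbacks on `install_plugins_nonmenu_tabs` can no longer remove the upload screen. This hunk drops 'upload' from the initial `$nonmenu_tabs` array, and the following hunk (`@@ -91,6 +96,11 @@`) appends it again after that filter has run whenever `$tabs['upload']` is still set. A site that hid uploads through the non-menu filter would get the tab back for any user who holds `upload_plugins`, so that filter's docblock should say so, for example `'upload' is appended after this filter runs; remove it via install_plugins_tabs or deny the upload_plugins capability.` The same comment should state that the tab list only selects which screen is rendered, and that access control is the capability check in update.php. The method body starts and ends outside both hunks.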
@@ -91,6 +96,11 @@ class WP_Plugin_Install_List_Table extends WP_List_Table { */ $nonmenu_tabs = apply_filters( 'install_plugins_nonmenu_tabs', $nonmenu_tabs ); + if ( isset( $tabs['upload'] ) ) { + unset( $tabs['upload'] ); + $nonmenu_tabs[] = 'upload'; + } + // If a non-valid menu tab has been selected, And it's not a non-menu action. if ( empty( $tab ) || ( !isset( $tabs[ $tab ] ) && !in_array( $tab, (array) $nonmenu_tabs ) ) ) $tab = key( $tabs ); diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php index 3113e28dc5..e0289b52c7 100644 --- a/src/wp-admin/includes/plugin-install.php +++ b/src/wp-admin/includes/plugin-install.php @@ -195,7 +195,7 @@ function install_search_form( $type_selector = true ) { */ function install_plugins_upload( $page = 1 ) { ?> -

+

@@ -203,6 +203,7 @@ function install_plugins_upload( $page = 1 ) {
+
get_pagenum(); $wp_list_table->prepare_items(); -$title = __('Install Plugins'); +$title = __( 'Add Plugins' ); $parent_file = 'plugins.php'; wp_enqueue_script( 'plugin-install' ); @@ -75,16 +75,26 @@ include(ABSPATH . 'wp-admin/admin-header.php');

' . $text . ''; + } ?> -

-views(); ?> - -
views(); + echo '
'; +} + /** * Fires after the plugins list table in each tab of the Install Plugins screen. * diff --git a/src/wp-admin/theme-install.php b/src/wp-admin/theme-install.php index 2ca1c2870b..fd8847c547 100644 --- a/src/wp-admin/theme-install.php +++ b/src/wp-admin/theme-install.php @@ -27,11 +27,6 @@ if ( ! is_network_admin() ) { $submenu_file = 'themes.php'; } -$tabs = array( - 'upload' => __( 'Upload Theme' ), - 'browse-themes' => _x( 'Browse', 'themes' ), -); - $sections = array( 'featured' => __( 'Featured Themes' ), 'popular' => __( 'Popular Themes' ), @@ -113,22 +108,24 @@ include(ABSPATH . 'wp-admin/admin-header.php'); ?>
-

- - $tab_name ) { - echo '' . $tab_name . ''; - } - ?> -

+

__( 'Upload Theme' ) ) ); + if ( ! empty( $tabs['upload'] ) && current_user_can( 'upload_themes' ) ) { + echo ' ' . __( 'Upload Theme' ) . ''; + echo ' ' . _x( 'Browse', 'themes' ) . ''; + } + ?>

diff --git a/src/wp-admin/update.php b/src/wp-admin/update.php index a8568cdf65..c279444320 100644 --- a/src/wp-admin/update.php +++ b/src/wp-admin/update.php @@ -123,8 +123,9 @@ if ( isset($_GET['action']) ) { } elseif ( 'upload-plugin' == $action ) { - if ( ! current_user_can('install_plugins') ) + if ( ! current_user_can( 'upload_plugins' ) ) { wp_die( __( 'You do not have sufficient permissions to install plugins on this site.' ) ); + } check_admin_referer('plugin-upload'); @@ -227,8 +228,9 @@ if ( isset($_GET['action']) ) { } elseif ( 'upload-theme' == $action ) { - if ( ! current_user_can('install_themes') ) + if ( ! current_user_can( 'upload_themes' ) ) { wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) ); + } check_admin_referer('theme-upload'); diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php index 45be4b5517..30c38b2cbc 100644 --- a/src/wp-includes/capabilities.php +++ b/src/wp-includes/capabilities.php @@ -1262,18 +1262,25 @@ function map_meta_cap( $cap, $user_id ) { case 'update_plugins': case 'delete_plugins': case 'install_plugins': + case 'upload_plugins': case 'update_themes': case 'delete_themes': case 'install_themes': + case 'upload_themes': case 'update_core': // Disallow anything that creates, deletes, or updates core, plugin, or theme files. // Files in uploads are excepted. - if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) + if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) { $caps[] = 'do_not_allow'; - elseif ( is_multisite() && ! is_super_admin( $user_id ) ) + } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { $caps[] = 'do_not_allow'; - else + } elseif ( 'upload_themes' === $cap ) { + $caps[] = 'install_themes'; + } elseif ( 'upload_plugins' === $cap ) { + $caps[] = 'install_plugins'; + } else { $caps[] = $cap; + } break; case 'activate_plugins': $caps[] = $cap;
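Review bot: The `current_user_can( 'upload_plugins' )` check in the `upload-plugin` branch is the enforcing gate for the new capability, but nothing in the code marks it as such. The list-table and screen changes elsewhere in this patch only decide which tab or button is offered. A one-line comment above the check, `// Authoritative gate for uploads; the tab and button checks elsewhere are presentation only.`, would keep a later refactor from treating the UI checks as sufficient. The same applies to the `upload_themes` check in the `upload-theme` hunk (`@@ -227,8 +228,9 @@`). The `wp_die()` text in both still says "install", which may mislead an administrator who denied only uploads. Both branches continue outside the hunks.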
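Review bot: `upload_plugins` and `upload_themes` enter `map_meta_cap()` as pure meta capabilities with no comment saying so. In the new `elseif` arms they always resolve to `install_plugins` / `install_themes`, so removing them from a role would presumably have no effect. I would add above those arms `// Meta caps only: resolved to install_*; deny uploads by filtering the mapped caps, not by editing roles.` The diffstat also lists no test file. A case asserting that both capabilities yield `do_not_allow` when `DISALLOW_FILE_MODS` is set, and for a non-super-admin on multisite, would pin the order of these branches. The rest of the switch and the function's tail lie outside the hunk, so the exact hook to name in the comment should be confirmed there.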