diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 81e01970b7..9dd4eec5bb 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -558,7 +558,7 @@ case 'add-tag' :
set_current_screen($_POST['screen']);
require_once( './includes/default-list-tables.php' );
- $table = new WP_Terms_Table( 'ajax' );
+ $table = new WP_Terms_Table();
$level = 0;
$tag_full_name = false;
@@ -626,7 +626,7 @@ case 'add-comment' :
die('-1');
require_once( './includes/default-list-tables.php' );
- $table = new WP_Comments_Table( 'ajax' );
+ $table = new WP_Comments_Table();
global $comments;
@@ -659,7 +659,7 @@ case 'get-comments' :
die('-1');
require_once( './includes/default-list-tables.php' );
- $table = new WP_Comments_Table( 'ajax' );
+ $table = new WP_Comments_Table();
global $comments;
@@ -685,7 +685,7 @@ case 'replyto-comment' :
check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
require_once( './includes/default-list-tables.php' );
- $table = new WP_Comments_Table( 'ajax' );
+ $table = new WP_Comments_Table();
$comment_post_ID = (int) $_POST['comment_post_ID'];
if ( !current_user_can( 'edit_post', $comment_post_ID ) )
@@ -776,7 +776,7 @@ case 'edit-comment' :
add_filter( 'comment_author', 'floated_admin_avatar' );
require_once( './includes/default-list-tables.php' );
- $table = new WP_Comments_Table( 'ajax' );
+ $table = new WP_Comments_Table();
ob_start();
$table->single_row( $comment_id, $mode, $comments_listing, $checkbox );
@@ -925,7 +925,7 @@ case 'add-user' :
$user_object = new WP_User( $user_id );
require_once( './includes/default-list-tables.php' );
- $table = new WP_Users_Table( 'ajax' );
+ $table = new WP_Users_Table();
$x = new WP_Ajax_Response( array(
'what' => 'user',
@@ -1218,7 +1218,7 @@ case 'inline-save':
edit_post();
require_once( './includes/default-list-tables.php' );
- $table = new WP_Posts_Table( 'ajax' );
+ $table = new WP_Posts_Table();
$mode = $_POST['post_view'];
$table->display_rows( array( get_post( $_POST['post_ID'] ) ) );
@@ -1228,19 +1228,14 @@ case 'inline-save':
case 'inline-save-tax':
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
- $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
- if ( ! $taxonomy )
- die( __('Cheatin’ uh?') );
- $tax = get_taxonomy($taxonomy);
+ require_once( './includes/default-list-tables.php' );
+ $table = new WP_Terms_Table();
- if ( ! current_user_can( $tax->cap->edit_terms ) )
- die( __('Cheatin’ uh?') );
+ $table->check_permissions('edit');
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
die(-1);
- $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
-
$tag = get_term( $id, $taxonomy );
$_POST['description'] = $tag->description;
@@ -1253,11 +1248,6 @@ case 'inline-save-tax':
die( __('Item not updated.') );
}
- set_current_screen( 'edit-' . $taxonomy );
-
- require_once( './includes/default-list-tables.php' );
- $table = new WP_Terms_Table( 'ajax' );
-
echo $table->single_row( $tag, 0, $taxonomy );
} else {
if ( is_wp_error($updated) && $updated->get_error_message() )
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 9a53d236a6..af21a2e6fb 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( !current_user_can('edit_posts') )
- wp_die(__('Cheatin’ uh?'));
+require_once( './includes/default-list-tables.php' );
+
+$table = new WP_Comments_Table;
+$table->check_permissions();
if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset( $_REQUEST['delete_all'] ) || isset( $_REQUEST['delete_all2'] ) ) {
check_admin_referer( 'bulk-comments' );
@@ -95,9 +97,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset
exit;
}
-require_once( './includes/default-list-tables.php' );
-
-$table = new WP_Comments_Table;
+$table->prepare_items();
wp_enqueue_script('admin-comments');
enqueue_comment_hotkeys_js();
diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php
index 160368cc4d..b157a6c7f2 100644
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -12,6 +12,7 @@ require_once('./admin.php');
require_once( './includes/default-list-tables.php' );
$table = new WP_Terms_Table;
+$table->check_permissions();
$title = $tax->labels->name;
@@ -151,6 +152,8 @@ if ( ! empty($_REQUEST['_wp_http_referer']) ) {
exit;
}
+$table->prepare_items();
+
wp_enqueue_script('admin-tags');
if ( current_user_can($tax->cap->edit_terms) )
wp_enqueue_script('inline-edit-tax');
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index bbf564b29b..9a7e13420f 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -12,6 +12,7 @@ require_once( './admin.php' );
require_once( './includes/default-list-tables.php' );
$table = new WP_Posts_Table;
+$table->check_permissions();
// Back-compat for viewing comments of an entry
if ( $_redirect = intval( max( @$_REQUEST['p'], @$_REQUEST['attachment_id'], @$_REQUEST['page_id'] ) ) ) {
@@ -118,6 +119,8 @@ if ( 'post' != $post_type ) {
$post_new_file = 'post-new.php';
}
+$table->prepare_items();
+
wp_enqueue_script('inline-edit-post');
$title = $post_type_object->labels->name;
diff --git a/wp-admin/includes/default-list-tables.php b/wp-admin/includes/default-list-tables.php
index ee81e555a5..be650e15b9 100644
--- a/wp-admin/includes/default-list-tables.php
+++ b/wp-admin/includes/default-list-tables.php
@@ -22,8 +22,8 @@ class WP_Posts_Table extends WP_List_Table {
*/
var $_hierarchical_display;
- function WP_Posts_Table( $context = 'normal' ) {
- global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode, $current_screen;
+ function WP_Posts_Table() {
+ global $post_type_object, $post_type, $current_screen;
if ( !isset( $_REQUEST['post_type'] ) )
$post_type = 'post';
@@ -35,16 +35,21 @@ class WP_Posts_Table extends WP_List_Table {
$post_type_object = get_post_type_object( $post_type );
- if ( !current_user_can( $post_type_object->cap->edit_posts ) )
- wp_die( __( 'Cheatin’ uh?' ) );
-
parent::WP_List_Table( array(
'screen' => $current_screen,
'plural' => 'posts',
) );
+ }
- if ( 'normal' != $context )
- return;
+ function check_permissions() {
+ global $post_type_object;
+
+ if ( !current_user_can( $post_type_object->cap->edit_posts ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+ }
+
+ function prepare_items() {
+ global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode;
$avail_post_stati = wp_edit_posts_query();
@@ -1072,34 +1077,24 @@ class WP_Posts_Table extends WP_List_Table {
class WP_Media_Table extends WP_List_Table {
- function WP_Media_Table( $context = 'normal' ) {
- global $wpdb, $wp_query, $detached, $post_mime_types, $avail_post_mime_types;
+ function WP_Media_Table() {
+ global $detached;
- if ( isset( $_REQUEST['find_detached'] ) ) {
- if ( !current_user_can( 'edit_posts' ) )
- wp_die( __( 'You are not allowed to scan for lost attachments.' ) );
-
- $lost = $wpdb->get_col( "
- SELECT ID FROM $wpdb->posts
- WHERE post_type = 'attachment' AND post_parent > '0'
- AND post_parent NOT IN (
- SELECT ID FROM $wpdb->posts
- WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
- )
- " );
-
- $_REQUEST['detached'] = 1;
- }
-
- $detached = isset( $_REQUEST['detached'] );
+ $detached = isset( $_REQUEST['detached'] ) || isset( $_REQUEST['find_detached'] );
parent::WP_List_Table( array(
'screen' => $detached ? 'upload-detached' : 'upload',
'plural' => 'media'
) );
+ }
- if ( 'normal' != $context )
- return;
+ function check_permissions() {
+ if ( !current_user_can('upload_files') )
+ wp_die( __( 'You do not have permission to upload files.' ) );
+ }
+
+ function prepare_items() {
+ global $lost, $wpdb, $wp_query, $post_mime_types, $avail_post_mime_types;
$q = $_REQUEST;
@@ -1357,7 +1352,7 @@ foreach ( $columns as $column_name => $column_display_name ) {
- >
+ | >
|
$current_screen,
- 'plural' => 'tags',
- 'singular' => 'tag',
- ) );
-
- if ( 'normal' != $context )
- return;
-
- wp_reset_vars( array( 'action', 'tag', 'taxonomy', 'post_type' ) );
+ wp_reset_vars( array( 'action', 'taxonomy', 'post_type' ) );
if ( empty( $taxonomy ) )
$taxonomy = 'post_tag';
@@ -1524,12 +1510,31 @@ class WP_Terms_Table extends WP_List_Table {
$tax = get_taxonomy( $taxonomy );
- if ( ! current_user_can( $tax->cap->manage_terms ) )
- wp_die( __( 'Cheatin’ uh?' ) );
-
if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) )
$post_type = 'post';
+ if ( !isset( $current_screen ) )
+ set_current_screen( 'edit-' . $taxonomy );
+
+ parent::WP_List_Table( array(
+ 'screen' => $current_screen,
+ 'plural' => 'tags',
+ 'singular' => 'tag',
+ ) );
+ }
+
+ function check_permissions( $type = 'manage' ) {
+ global $tax;
+
+ $cap = 'manage' == $type ? $tax->cap->manage_terms : $tax->cap->edit_terms;
+
+ if ( !current_user_can( $tax->cap->manage_terms ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+ }
+
+ function prepare_items() {
+ global $taxonomy;
+
$tags_per_page = (int) get_user_option( 'edit_' . $taxonomy . '_per_page' );
if ( empty( $tags_per_page ) || $tags_per_page < 1 )
@@ -1851,17 +1856,21 @@ class WP_Terms_Table extends WP_List_Table {
class WP_Users_Table extends WP_List_Table {
- function WP_Users_Table( $context = 'normal' ) {
+ function WP_Users_Table() {
global $role, $usersearch;
parent::WP_List_Table( array(
'screen' => 'users',
'plural' => 'users'
) );
+ }
- if ( 'normal' != $context )
- return;
+ function check_permissions() {
+ if ( !current_user_can('list_users') )
+ wp_die(__('Cheatin’ uh?'));
+ }
+ function prepare_items() {
$usersearch = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : '';
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';
@@ -2089,21 +2098,25 @@ class WP_Users_Table extends WP_List_Table {
class WP_Comments_Table extends WP_List_Table {
- function WP_Comments_Table( $context = 'normal' ) {
- global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
-
- $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
-
+ function WP_Comments_Table() {
parent::WP_List_Table( array(
'screen' => 'edit-comments',
'plural' => 'comments'
) );
+ }
- if ( 'normal' != $context )
- return;
+ function check_permissions() {
+ if ( !current_user_can('edit_posts') )
+ wp_die(__('Cheatin’ uh?'));
+ }
+
+ function prepare_items() {
+ global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
$post_id = isset( $_REQUEST['post_ID'] ) ? absint( $_REQUEST['post_ID'] ) : 0;
+ $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
+
$comment_status = isset( $_REQUEST['comment_status'] ) ? $_REQUEST['comment_status'] : 'all';
if ( !in_array( $comment_status, array( 'all', 'moderated', 'approved', 'spam', 'trash' ) ) )
$comment_status = 'all';
@@ -2508,6 +2521,18 @@ class WP_Comments_Table extends WP_List_Table {
class WP_Links_Table extends WP_List_Table {
function WP_Links_Table() {
+ parent::WP_List_Table( array(
+ 'screen' => 'link-manager',
+ 'plural' => 'bookmarks',
+ ) );
+ }
+
+ function check_permissions() {
+ if ( ! current_user_can( 'manage_links' ) )
+ wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+ }
+
+ function prepare_items() {
global $cat_id, $s, $orderby, $order;
wp_reset_vars( array( 'action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'orderby', 'order', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]', 's' ) );
@@ -2524,12 +2549,7 @@ class WP_Links_Table extends WP_List_Table {
$args['order'] = $order;
$this->items = get_bookmarks( $args );
-
- parent::WP_List_Table( array(
- 'screen' => 'link-manager',
- 'plural' => 'bookmarks',
- ) );
- }
+ }
function no_items() {
_e( 'No links found.' );
@@ -2690,15 +2710,22 @@ class WP_Links_Table extends WP_List_Table {
class WP_Sites_Table extends WP_List_Table {
function WP_Sites_Table() {
+ parent::WP_List_Table( array(
+ 'screen' => 'ms-sites',
+ 'plural' => 'sites',
+ ) );
+ }
+
+ function check_permissions() {
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __( 'You do not have permission to access this page.' ) );
+ }
+
+ function prepare_items() {
global $s, $mode, $wpdb;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
- parent::WP_List_Table( array(
- 'callback' => 'site_rows',
- 'screen' => 'ms-sites',
- ) );
-
$pagenum = $this->get_pagenum();
$per_page = (int) get_user_option( 'ms_sites_per_page' );
@@ -2978,13 +3005,23 @@ class WP_Sites_Table extends WP_List_Table {
class WP_MS_Users_Table extends WP_List_Table {
function WP_MS_Users_Table() {
- global $s, $mode, $wpdb;
-
- $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
-
parent::WP_List_Table( array(
'screen' => 'ms-users',
) );
+ }
+
+ function check_permissions() {
+ if ( !is_multisite() )
+ wp_die( __( 'Multisite support is not enabled.' ) );
+
+ if ( ! current_user_can( 'manage_network_users' ) )
+ wp_die( __( 'You do not have permission to access this page.' ) );
+ }
+
+ function prepare_items() {
+ global $s, $mode, $wpdb;
+
+ $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
$pagenum = $this->get_pagenum();
@@ -3201,24 +3238,31 @@ class WP_MS_Users_Table extends WP_List_Table {
class WP_Plugins_Table extends WP_List_Table {
function WP_Plugins_Table() {
- global $status, $plugins, $totals, $page, $orderby, $order, $s;
-
parent::WP_List_Table( array(
'screen' => 'plugins',
'plural' => 'plugins',
) );
+ }
+
+ function check_permissions() {
+ if ( is_multisite() ) {
+ $menu_perms = get_site_option( 'menu_items', array() );
+
+ if ( empty( $menu_perms['plugins'] ) ) {
+ if ( !is_super_admin() )
+ wp_die( __( 'Cheatin’ uh?' ) );
+ }
+ }
+
+ if ( !current_user_can('activate_plugins') )
+ wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+ }
+
+ function prepare_items() {
+ global $status, $plugins, $totals, $page, $orderby, $order, $s;
wp_reset_vars( array( 'orderby', 'order', 's' ) );
- $default_status = get_user_option( 'plugins_last_view' );
- if ( empty( $default_status ) )
- $default_status = 'all';
- $status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status;
- if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) )
- $status = 'all';
- if ( $status != $default_status && 'search' != $status )
- update_user_meta( get_current_user_id(), 'plugins_last_view', $status );
-
$page = $this->get_pagenum();
$plugins = array(
@@ -3538,13 +3582,20 @@ class WP_Plugins_Table extends WP_List_Table {
class WP_Plugin_Install_Table extends WP_List_Table {
function WP_Plugin_Install_Table() {
- include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
-
- global $tabs, $tab, $paged, $type, $term;
-
parent::WP_List_Table( array(
'screen' => 'plugin-install',
) );
+ }
+
+ function check_permissions() {
+ if ( ! current_user_can('install_plugins') )
+ wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+ }
+
+ function prepare_items() {
+ include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
+
+ global $tabs, $tab, $paged, $type, $term;
wp_reset_vars( array( 'tab' ) );
@@ -3743,6 +3794,17 @@ class WP_Plugin_Install_Table extends WP_List_Table {
class WP_Themes_Table extends WP_List_Table {
function WP_Themes_Table() {
+ parent::__construct( array(
+ 'screen' => 'themes',
+ ) );
+ }
+
+ function check_permissions() {
+ if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
+ wp_die( __( 'Cheatin’ uh?' ) );
+ }
+
+ function prepare_items() {
global $ct;
$ct = current_theme_info();
@@ -3758,10 +3820,6 @@ class WP_Themes_Table extends WP_List_Table {
$this->items = array_slice( $themes, $start, $per_page );
- parent::__construct( array(
- 'screen' => 'themes',
- ) );
-
$this->set_pagination_args( array(
'query_var' => 'pagenum',
'total_items' => count( $themes ),
@@ -3885,14 +3943,21 @@ foreach ( $cols as $col => $theme_name ) {
class WP_Theme_Install_Table extends WP_List_Table {
function WP_Theme_Install_Table() {
- include( ABSPATH . 'wp-admin/includes/theme-install.php' );
-
- global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
-
parent::WP_List_Table( array(
'screen' => 'theme-install',
) );
+ }
+ function check_permissions() {
+ if ( ! current_user_can('install_themes') )
+ wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+ }
+
+ function prepare_items() {
+ include( ABSPATH . 'wp-admin/includes/theme-install.php' );
+
+ global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
+
wp_reset_vars( array( 'tab' ) );
$paged = $this->get_pagenum();
diff --git a/wp-admin/includes/list-table.php b/wp-admin/includes/list-table.php
index 9eb129d7eb..4fec2ecebe 100644
--- a/wp-admin/includes/list-table.php
+++ b/wp-admin/includes/list-table.php
@@ -93,6 +93,28 @@ class WP_List_Table {
}
}
+ /**
+ * Checks the current user's permissions
+ * @uses wp_die()
+ *
+ * @since 3.1.0
+ * @access public
+ */
+ function check_permissions() {
+ die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
+ }
+
+ /**
+ * Prepares the list of items for displaying.
+ * @uses WP_List_Table::set_pagination_args()
+ *
+ * @since 3.1.0
+ * @access public
+ */
+ function prepare_items() {
+ die( 'function WP_List_Table::prepare_items() must be over-ridden in a sub-class.' );
+ }
+
/**
* An internal method that sets all the necessary pagination arguments
*
@@ -568,6 +590,9 @@ class WP_List_Table {
* @access public
*/
function ajax_response() {
+ $this->check_permissions();
+ $this->prepare_items();
+
extract( $this->_args );
extract( $this->_pagination_args );
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 0d68e07af5..dd5540f3a7 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -9,15 +9,17 @@
/** Load WordPress Administration Bootstrap */
require_once ('admin.php');
+require_once( './includes/default-list-tables.php' );
+
+$table = new WP_Links_Table;
+$table->check_permissions();
+
// Handle bulk deletes
if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) {
check_admin_referer( 'bulk-bookmarks' );
$doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2'];
- if ( ! current_user_can( 'manage_links' ) )
- wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
-
if ( 'delete' == $doaction ) {
$bulklinks = (array) $_REQUEST['linkcheck'];
foreach ( $bulklinks as $link_id ) {
@@ -33,9 +35,7 @@ if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) {
exit;
}
-require_once( './includes/default-list-tables.php' );
-
-$table = new WP_Links_Table;
+$table->prepare_items();
$title = __('Links');
$this_file = $parent_file = 'link-manager.php';
diff --git a/wp-admin/network/sites.php b/wp-admin/network/sites.php
index a68b82e47b..2681fb0b67 100644
--- a/wp-admin/network/sites.php
+++ b/wp-admin/network/sites.php
@@ -12,8 +12,10 @@ require_once( './admin.php' );
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-if ( ! current_user_can( 'manage_sites' ) )
- wp_die( __( 'You do not have permission to access this page.' ) );
+require_once( '../includes/default-list-tables.php' );
+
+$table = new WP_Sites_Table;
+$table->check_permissions();
$title = __( 'Sites' );
$parent_file = 'sites.php';
@@ -348,9 +350,7 @@ switch ( $action ) {
// List sites
case 'list':
default:
- require_once( '../includes/default-list-tables.php' );
-
- $table = new WP_Sites_Table;
+ $table->prepare_items();
require_once( '../admin-header.php' );
?>
diff --git a/wp-admin/network/users.php b/wp-admin/network/users.php
index ffa9222b51..6378c74b5a 100644
--- a/wp-admin/network/users.php
+++ b/wp-admin/network/users.php
@@ -9,11 +9,11 @@
require_once( './admin.php' );
-if ( !is_multisite() )
- wp_die( __( 'Multisite support is not enabled.' ) );
+require_once( '../includes/default-list-tables.php' );
-if ( ! current_user_can( 'manage_network_users' ) )
- wp_die( __( 'You do not have permission to access this page.' ) );
+$table = new WP_MS_Users_Table;
+$table->check_permissions();
+$table->prepare_items();
$title = __( 'Users' );
$parent_file = 'users.php';
@@ -32,10 +32,6 @@ add_contextual_help($current_screen,
'' . __('Support Forums') . '
'
);
-require_once( '../includes/default-list-tables.php' );
-
-$table = new WP_MS_Users_Table;
-
require_once( '../admin-header.php' );
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
diff --git a/wp-admin/plugin-install.php b/wp-admin/plugin-install.php
index 74be3e641a..a298975bf0 100644
--- a/wp-admin/plugin-install.php
+++ b/wp-admin/plugin-install.php
@@ -9,12 +9,11 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( ! current_user_can('install_plugins') )
- wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
-
require_once( './includes/default-list-tables.php' );
$table = new WP_Plugin_Install_Table;
+$table->check_permissions();
+$table->prepare_items();
$title = __('Install Plugins');
$parent_file = 'plugins.php';
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 34e48d4a3a..e1c44d8dfc 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -8,17 +8,11 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( is_multisite() ) {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['plugins'] ) ) {
- if ( ! is_super_admin() )
- wp_die( __( 'Cheatin’ uh?' ) );
- }
-}
-if ( ! current_user_can( 'activate_plugins' ) )
- wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' );
+
+$table = new WP_Plugins_Table;
+$table->check_permissions();
if ( isset($_POST['clear-recent-list']) )
$action = 'clear-recent-list';
@@ -299,9 +293,16 @@ if ( !empty($action) ) {
}
}
-require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' );
+$default_status = get_user_option( 'plugins_last_view' );
+if ( empty( $default_status ) )
+ $default_status = 'all';
+$status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status;
+if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) )
+ $status = 'all';
+if ( $status != $default_status && 'search' != $status )
+ update_user_meta( get_current_user_id(), 'plugins_last_view', $status );
-$table = new WP_Plugins_Table;
+$table->prepare_items();
wp_enqueue_script('plugin-install');
add_thickbox();
diff --git a/wp-admin/theme-install.php b/wp-admin/theme-install.php
index 70c1e5b79f..0bca50950e 100644
--- a/wp-admin/theme-install.php
+++ b/wp-admin/theme-install.php
@@ -9,12 +9,11 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( ! current_user_can('install_themes') )
- wp_die(__('You do not have sufficient permissions to install themes on this site.'));
-
require_once( './includes/default-list-tables.php' );
$table = new WP_Theme_Install_Table;
+$table->check_permissions();
+$table->prepare_items();
$title = __('Install Themes');
$parent_file = 'themes.php';
diff --git a/wp-admin/themes.php b/wp-admin/themes.php
index 969929189b..f0de761126 100644
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
- wp_die( __( 'Cheatin’ uh?' ) );
+require_once( './includes/default-list-tables.php' );
+
+$table = new WP_Themes_Table;
+$table->check_permissions();
if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
if ( 'activate' == $_GET['action'] ) {
@@ -28,9 +30,7 @@ if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
}
}
-require_once( './includes/default-list-tables.php' );
-
-$table = new WP_Themes_Table;
+$table->prepare_items();
$title = __('Manage Themes');
$parent_file = 'themes.php';
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 2bd5fac4b2..d488f4f356 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -9,11 +9,30 @@
/** WordPress Administration Bootstrap */
require_once( './admin.php' );
-if ( !current_user_can('upload_files') )
- wp_die(__('You do not have permission to upload files.'));
+require_once( './includes/default-list-tables.php' );
+
+$table = new WP_Media_Table;
+$table->check_permissions();
// Handle bulk actions
-if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) {
+if ( isset($_REQUEST['find_detached']) ) {
+ check_admin_referer('bulk-media');
+
+ if ( !current_user_can('edit_posts') )
+ wp_die( __('You are not allowed to scan for lost attachments.') );
+
+ $lost = $wpdb->get_col( "
+ SELECT ID FROM $wpdb->posts
+ WHERE post_type = 'attachment' AND post_parent > '0'
+ AND post_parent NOT IN (
+ SELECT ID FROM $wpdb->posts
+ WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
+ )
+ " );
+
+ $_REQUEST['detached'] = 1;
+
+} elseif ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) {
check_admin_referer( 'bulk-media' );
$parent_id = (int) $_REQUEST['found_post_id'];
@@ -111,9 +130,7 @@ if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) {
exit;
}
-require_once( './includes/default-list-tables.php' );
-
-$table = new WP_Media_Table;
+$table->prepare_items();
$title = __('Media Library');
$parent_file = 'upload.php';
diff --git a/wp-admin/users.php b/wp-admin/users.php
index ca6445e5de..a7c761b4b4 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -12,8 +12,10 @@ require_once( './admin.php' );
/** WordPress Registration API */
require_once( ABSPATH . WPINC . '/registration.php');
-if ( !current_user_can('list_users') )
- wp_die(__('Cheatin’ uh?'));
+require_once( './includes/default-list-tables.php' );
+
+$table = new WP_Users_Table;
+$table->check_permissions();
$title = __('Users');
$parent_file = 'users.php';
@@ -306,9 +308,7 @@ default:
exit;
}
- require_once( './includes/default-list-tables.php' );
-
- $table = new WP_Users_Table;
+ $table->prepare_items();
include('./admin-header.php');
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 350cdce10a..28f501f038 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2656,9 +2656,12 @@ function wp_nonce_ays( $action ) {
* @param string|array $args Optional arguements to control behaviour.
*/
function wp_die( $message, $title = '', $args = array() ) {
+ if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
+ die('-1');
+
if ( function_exists( 'apply_filters' ) ) {
$function = apply_filters( 'wp_die_handler', '_default_wp_die_handler');
- }else {
+ } else {
$function = '_default_wp_die_handler';
}