diff --git a/wp-admin/menu.php b/wp-admin/menu.php index bf8c3b1dcb..088c9ead29 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -34,7 +34,14 @@ if ( ! is_multisite() || is_super_admin() ) $update_data = wp_get_update_data(); if ( ! is_multisite() ) { - $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "" . number_format_i18n($update_data['counts']['total']) . "" ), 'update_core', 'update-core.php'); + if ( current_user_can( 'update_core' ) ) + $cap = 'update_core'; + elseif ( current_user_can( 'update_plugins' ) ) + $cap = 'update_plugins'; + else + $cap = 'update_themes'; + $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "" . number_format_i18n($update_data['counts']['total']) . "" ), $cap, 'update-core.php'); + unset( $cap ); } $menu[4] = array( '', 'read', 'separator1', '', 'wp-menu-separator' ); diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index 360bb91adb..df8379b621 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php @@ -18,7 +18,7 @@ if ( is_multisite() && ! is_network_admin() ) { exit(); } -if ( ! current_user_can( 'update_core' ) ) +if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) ) wp_die( __( 'You do not have sufficient permissions to update this site.' ) ); function list_core_update( $update ) { @@ -134,11 +134,7 @@ function core_upgrade_preamble() { global $upgrade_error, $wp_version; $updates = get_core_updates(); -?> -
- -

-

'; if ( $upgrade_error == 'themes' ) @@ -183,13 +179,6 @@ function core_upgrade_preamble() { echo '

' . sprintf( __( 'Learn more about WordPress %s.' ), esc_url( self_admin_url( 'about.php' ) ), $normalized_version ) . '

'; } dismissed_updates(); - - if ( current_user_can( 'update_plugins' ) ) - list_plugin_updates(); - if ( current_user_can( 'update_themes' ) ) - list_theme_updates(); - do_action('core_upgrade_preamble'); - echo '
'; } function list_plugin_updates() { @@ -454,10 +443,26 @@ if ( 'upgrade-core' == $action ) { wp_version_check(); require_once(ABSPATH . 'wp-admin/admin-header.php'); - core_upgrade_preamble(); + ?> +
+ +

+ '; include(ABSPATH . 'wp-admin/admin-footer.php'); } elseif ( 'do-core-upgrade' == $action || 'do-core-reinstall' == $action ) { + + if ( ! current_user_can( 'update_core' ) ) + wp_die( __( 'You do not have sufficient permissions to update this site.' ) ); + check_admin_referer('upgrade-core'); // do the (un)dismiss actions before headers,