Themes: Do extra Cap checks before outputting links, and use full URI's. See #25948
git-svn-id: https://develop.svn.wordpress.org/trunk@26470 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse
parent
13ba79ef36
commit
66fb039ffe
@ -142,7 +142,7 @@ function get_theme_update_available( $theme ) {
|
|||||||
$update = $themes_update->response[ $stylesheet ];
|
$update = $themes_update->response[ $stylesheet ];
|
||||||
$theme_name = $theme->display('Name');
|
$theme_name = $theme->display('Name');
|
||||||
$details_url = add_query_arg(array('TB_iframe' => 'true', 'width' => 1024, 'height' => 800), $update['url']); //Theme browser inside WP? replace this, Also, theme preview JS will override this on the available list.
|
$details_url = add_query_arg(array('TB_iframe' => 'true', 'width' => 1024, 'height' => 800), $update['url']); //Theme browser inside WP? replace this, Also, theme preview JS will override this on the available list.
|
||||||
$update_url = wp_nonce_url('update.php?action=upgrade-theme&theme=' . urlencode($stylesheet), 'upgrade-theme_' . $stylesheet);
|
$update_url = wp_nonce_url( admin_url( 'update.php?action=upgrade-theme&theme=' . urlencode( $stylesheet ) ), 'upgrade-theme_' . $stylesheet );
|
||||||
$update_onclick = 'onclick="if ( confirm(\'' . esc_js( __("Updating this theme will lose any customizations you have made. 'Cancel' to stop, 'OK' to update.") ) . '\') ) {return true;}return false;"';
|
$update_onclick = 'onclick="if ( confirm(\'' . esc_js( __("Updating this theme will lose any customizations you have made. 'Cancel' to stop, 'OK' to update.") ) . '\') ) {return true;}return false;"';
|
||||||
|
|
||||||
if ( !is_multisite() ) {
|
if ( !is_multisite() ) {
|
||||||
@ -414,9 +414,9 @@ function wp_prepare_themes_for_js( $themes = null ) {
|
|||||||
'hasUpdate' => isset( $updates[ $slug ] ),
|
'hasUpdate' => isset( $updates[ $slug ] ),
|
||||||
'update' => get_theme_update_available( $theme ),
|
'update' => get_theme_update_available( $theme ),
|
||||||
'actions' => array(
|
'actions' => array(
|
||||||
'activate' => wp_nonce_url( 'themes.php?action=activate&stylesheet=' . $encoded_slug, 'switch-theme_' . $slug ),
|
'activate' => current_user_can( 'switch_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=activate&stylesheet=' . $encoded_slug ), 'switch-theme_' . $slug ) : null,
|
||||||
'customize'=> admin_url( 'customize.php?theme=' . $encoded_slug ),
|
'customize'=> current_user_can( 'edit_theme_options' ) ? admin_url( 'customize.php?theme=' . $encoded_slug ) : null,
|
||||||
'delete' => wp_nonce_url( 'themes.php?action=delete&stylesheet=' . $encoded_slug, 'delete-theme_' . $slug ),
|
'delete' => current_user_can( 'delete_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=delete&stylesheet=' . $encoded_slug ), 'delete-theme_' . $slug ) : null,
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -92,10 +92,9 @@ wp_localize_script( 'theme', '_wpThemeSettings', array(
|
|||||||
'themes' => $themes,
|
'themes' => $themes,
|
||||||
'settings' => array(
|
'settings' => array(
|
||||||
'canInstall' => ( ! is_multisite() && current_user_can( 'install_themes' ) ),
|
'canInstall' => ( ! is_multisite() && current_user_can( 'install_themes' ) ),
|
||||||
'installURI' => admin_url( 'theme-install.php' ),
|
'installURI' => ( ! is_multisite() && current_user_can( 'install_themes' ) ) ? admin_url( 'theme-install.php' ) : null,
|
||||||
'customizeURI' => ( current_user_can( 'edit_theme_options' ) ) ? wp_customize_url() : null,
|
|
||||||
'confirmDelete' => __( "Are you sure you want to delete this theme?\n\nClick 'Cancel' to go back, 'OK' to confirm the delete." ),
|
'confirmDelete' => __( "Are you sure you want to delete this theme?\n\nClick 'Cancel' to go back, 'OK' to confirm the delete." ),
|
||||||
'root' => '/wp-admin/themes.php',
|
'root' => admin_url( 'themes.php' ),
|
||||||
'extraRoutes' => '',
|
'extraRoutes' => '',
|
||||||
),
|
),
|
||||||
'l10n' => array(
|
'l10n' => array(
|
||||||
@ -220,12 +219,12 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
|
|||||||
</div>
|
</div>
|
||||||
<div class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></div>
|
<div class="theme-author"><?php printf( __( 'By %s' ), '{{{ data.author }}}' ); ?></div>
|
||||||
<h3 class="theme-name">{{ data.name }}</h3>
|
<h3 class="theme-name">{{ data.name }}</h3>
|
||||||
|
|
||||||
<div class="theme-actions">
|
<div class="theme-actions">
|
||||||
|
|
||||||
<# if ( data.active ) { #>
|
<# if ( data.active ) { #>
|
||||||
<span class="current-label"><?php _e( 'Current Theme' ); ?></span>
|
<# if ( data.actions['customize'] ) { #>
|
||||||
<# if ( wp.themes.data.settings['customizeURI'] ) { #>
|
<a class="button button-primary hide-if-no-customize" href="{{ data.actions['customize'] }}"><?php _e( 'Customize' ); ?></a>
|
||||||
<a class="button button-primary hide-if-no-customize" href="{{ wp.themes.data.settings['customizeURI'] }}"><?php _e( 'Customize' ); ?></a>
|
|
||||||
<# } #>
|
<# } #>
|
||||||
<# } else { #>
|
<# } else { #>
|
||||||
<a class="button button-primary activate" href="{{{ data.actions['activate'] }}}"><?php _e( 'Activate' ); ?></a>
|
<a class="button button-primary activate" href="{{{ data.actions['activate'] }}}"><?php _e( 'Activate' ); ?></a>
|
||||||
@ -292,7 +291,7 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
|
|||||||
<div class="theme-actions">
|
<div class="theme-actions">
|
||||||
<div class="active-theme">
|
<div class="active-theme">
|
||||||
<a href="{{{ wp.themes.data.settings.customizeURI }}}" class="button button-primary hide-if-no-customize"><?php _e( 'Customize' ); ?></a>
|
<a href="{{{ wp.themes.data.settings.customizeURI }}}" class="button button-primary hide-if-no-customize"><?php _e( 'Customize' ); ?></a>
|
||||||
<?php if( current_theme_supports( 'menus' ) ) { ?>
|
<?php if ( current_theme_supports( 'menus' ) ) { ?>
|
||||||
<a class="button button-secondary" href="<?php echo admin_url( 'nav-menus.php' ); ?>"><?php _e( 'Menus' ); ?></a>
|
<a class="button button-secondary" href="<?php echo admin_url( 'nav-menus.php' ); ?>"><?php _e( 'Menus' ); ?></a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php if( current_theme_supports( 'widgets' ) ) { ?>
|
<?php if( current_theme_supports( 'widgets' ) ) { ?>
|
||||||
@ -300,11 +299,13 @@ if ( ! is_multisite() && current_user_can('edit_themes') && $broken_themes = wp_
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
<div class="inactive-theme">
|
<div class="inactive-theme">
|
||||||
|
<# if ( data.actions.activate ) { #>
|
||||||
<a href="{{{ data.actions.activate }}}" class="button button-primary"><?php _e( 'Activate' ); ?></a>
|
<a href="{{{ data.actions.activate }}}" class="button button-primary"><?php _e( 'Activate' ); ?></a>
|
||||||
|
<# } #>
|
||||||
<a href="{{{ data.actions.customize }}}" class="button button-secondary"><?php _e( 'Live Preview' ); ?></a>
|
<a href="{{{ data.actions.customize }}}" class="button button-secondary"><?php _e( 'Live Preview' ); ?></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<# if ( ! data.active ) { #>
|
<# if ( ! data.active && data.actions.delete ) { #>
|
||||||
<a href="{{{ data.actions.delete }}}" class="delete-theme"><?php _e( 'Delete' ); ?></a>
|
<a href="{{{ data.actions.delete }}}" class="delete-theme"><?php _e( 'Delete' ); ?></a>
|
||||||
<# } #>
|
<# } #>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user