Add some CYA cap checks.

git-svn-id: https://develop.svn.wordpress.org/trunk@11763 602fd350-edb4-49c9-b593-d223f7449a82
2009-08-01 21:58:59 +00:00 · 2009-08-01 21:58:59 +00:00 · 7b8c4df9bc
parent 98b8d02a40
commit 7b8c4df9bc
3 changed files with 9 additions and 0 deletions
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();

--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Handle bulk actions
 if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delete_all']) || isset($_GET['delete_all2']) ) {
 	check_admin_referer('bulk-pages');
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Back-compat for viewing comments of an entry
 if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
 	wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );