From 7c6c3a081f6c6a46d3b5033b57d1fb86acfbaa03 Mon Sep 17 00:00:00 2001 From: Eric Andrew Lewis Date: Sun, 17 Jan 2016 23:58:04 +0000 Subject: [PATCH] Themes: Only users with proper capability should see theme errors. After [36335], if a template file is not loaded, an error is displayed to logged-in users. As logged-in users may have no capabilities, this check is insubstantial. Limit the display of this error to users with the `install_themes` capability, i.e. someone who has the capacity to deal with the error. See #21931. git-svn-id: https://develop.svn.wordpress.org/trunk@36338 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/template-loader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/template-loader.php b/src/wp-includes/template-loader.php index 57f1db1ce0..b466bc2cfe 100644 --- a/src/wp-includes/template-loader.php +++ b/src/wp-includes/template-loader.php @@ -86,7 +86,7 @@ if ( defined('WP_USE_THEMES') && WP_USE_THEMES ) : */ if ( $template = apply_filters( 'template_include', $template ) ) { include( $template ); - } elseif ( is_user_logged_in() ) { + } elseif ( current_user_can( 'install_themes' ) ) { $theme = wp_get_theme(); if ( $theme->errors() ) { wp_die( $theme->errors() );