sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use switch_themes instead of edit_themes so that non super admins on multisite installs can customize headers and backgrounds. Add CYA cap checks.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@13043 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2010-02-10 16:49:16 +00:00
parent 718fa1b6e8
commit d22d07e1f2
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/custom-background.php
View File

@ -52,6 +52,9 @@ class Custom_Background {
* @since unknown
*/
function init() {
if ( ! current_user_can('switch_themes') )
return;
$page = add_theme_page(__('Custom Background'), __('Custom Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page'));
add_action("admin_head-$page", array(&$this, 'take_action'), 50);
@ -83,6 +86,9 @@ class Custom_Background {
* @since unknown
*/
function take_action() {
if ( ! current_user_can('switch_themes') )
return;
if ( isset($_POST['reset-background']) ) {
check_admin_referer('custom-background');
remove_theme_mods();
@ -234,6 +240,8 @@ if ( get_background_image() ) :
* @since unknown
*/
function admin_page() {
if ( ! current_user_can('switch_themes') )
wp_die(__('You do not have permission to customize the background.'));
$step = $this->step();
if ( 1 == $step )
$this->step_1();

10
wp-admin/custom-header.php
View File

@ -52,7 +52,10 @@ class Custom_Image_Header {
* @since unknown
*/
function init() {
$page = add_theme_page(__('Custom Header'), __('Custom Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
if ( ! current_user_can('switch_themes') )
return;
$page = add_theme_page(__('Custom Header'), __('Custom Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page'));
add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
add_action("admin_print_styles-$page", array(&$this, 'css_includes'));
@ -113,6 +116,9 @@ class Custom_Image_Header {
* @since unknown
*/
function take_action() {
if ( ! current_user_can('switch_themes') )
return;
if ( isset( $_POST['textcolor'] ) ) {
check_admin_referer('custom-header');
if ( 'blank' == $_POST['textcolor'] ) {
@ -483,6 +489,8 @@ if ( $this->admin_image_div_callback ) {
* @since unknown
*/
function admin_page() {
if ( ! current_user_can('switch_themes') )
wp_die(__('You do not have permission to customize headers.'));
$step = $this->step();
if ( 1 == $step )
$this->step_1();