sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add current_user_can() checks to link.php. Props DD32. fixes #4627 

git-svn-id: https://develop.svn.wordpress.org/trunk@6255 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2007-10-16 16:09:01 +00:00
parent 9c014dca4e
commit f283e26138
1 changed files with 8 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
wp-admin/link.php
View File

@ -3,6 +3,9 @@ require_once ('admin.php');
wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
if ( ! current_user_can('manage_links') )
wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
if ('' != $_POST['deletebookmarks'])
$action = 'deletebookmarks';
if ('' != $_POST['move'])
@ -13,13 +16,9 @@ if ('' != $_POST['linkcheck'])
$this_file = 'link-manager.php';
switch ($action) {
case 'deletebookmarks' :
case 'deletebookmarks' :
check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
wp_redirect($this_file);
@ -41,10 +40,6 @@ switch ($action) {
case 'move' :
check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
wp_redirect($this_file);
@ -63,7 +58,7 @@ switch ($action) {
add_link();
wp_redirect(wp_get_referer().'?added=true');
wp_redirect( wp_get_referer() . '?added=true' );
exit;
break;
@ -81,9 +76,6 @@ switch ($action) {
$link_id = (int) $_GET['link_id'];
check_admin_referer('delete-bookmark_' . $link_id);
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
wp_delete_link($link_id);
wp_redirect($this_file);
@ -97,21 +89,18 @@ switch ($action) {
$parent_file = 'link-manager.php';
$submenu_file = 'link-manager.php';
$title = __('Edit Link');
include_once ('admin-header.php');
if (!current_user_can('manage_links'))
wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
$link_id = (int) $_GET['link_id'];
if (!$link = get_link_to_edit($link_id))
wp_die(__('Link not found.'));
include_once ('admin-header.php');
include ('edit-link-form.php');
include ('admin-footer.php');
break;
default :
break;
}
include ('admin-footer.php');
?>
?>