diff --git a/wp-admin/menu.php b/wp-admin/menu.php index 23292d3fc9..7a22eea850 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -51,7 +51,7 @@ if ( is_multisite() ) { $update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : ''; - $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "" . number_format_i18n($update_count) . "" ), 'install_plugins', 'update-core.php'); + $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "" . number_format_i18n($update_count) . "" ), 'update_core', 'update-core.php'); unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress); } diff --git a/wp-admin/network/menu.php b/wp-admin/network/menu.php index 8e20c844f5..7fbfb9958c 100644 --- a/wp-admin/network/menu.php +++ b/wp-admin/network/menu.php @@ -61,7 +61,7 @@ if ( $theme_update_count ) $update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : ''; $menu[30] = array(sprintf( __('Updates %s'), "" . number_format_i18n($update_count) . "" ), 'manage_network', 'upgrade.php', '', 'menu-top menu-icon-tools', 'menu-update', 'div'); -$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'install_plugins', 'update-core.php' ); +$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'update_core', 'update-core.php' ); $submenu[ 'upgrade.php' ][15] = array( __( 'Update Network' ), 'manage_network', 'upgrade.php' ); unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress); diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index 98661834fc..3671915d57 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php 
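Review bot: In wp-admin/menu.php the `$submenu[ 'index.php' ][10]` entry is now shown to `update_core` holders, but its label still prints `$update_count`, which looks like a combined core, plugin and theme total judging by the names in the `unset()` call. The computation is outside the hunk, so this is inferred: a user with `update_core` but without `update_plugins` or `update_themes` would see a badge counting items that update-core.php no longer lists for them. Consider building the count only from the update types the current user is allowed to act on. The matching submenu change in wp-admin/network/menu.php has no count in its label and is not affected.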
@@ -14,7 +14,7 @@ if ( is_multisite() && ! is_network_admin() ) { exit(); } -if ( ! current_user_can( 'update_plugins' ) ) +if ( ! current_user_can( 'update_core' ) ) wp_die( __( 'You do not have sufficient permissions to update this site.' ) ); function list_core_update( $update ) { @@ -164,8 +164,10 @@ function core_upgrade_preamble() { echo '
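Review bot: The page-level gate at the top of update-core.php now requires `update_core`, so an account holding only `update_plugins` or `update_themes` hits `wp_die()` before any of the per-capability checks added further down in this commit can run. Those later checks therefore only narrow what an `update_core` holder sees, which may not be the intended separation of duties. If plugin-only or theme-only updaters are meant to use this screen, gate on any of the three, e.g. `if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_themes' ) )`. Otherwise, a short comment stating that `update_core` is a prerequisite for every action on this page would make the intent explicit.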

' . __( 'While your site is being updated, it will be in maintenance mode. As soon as your updates are complete, your site will return to normal.' ) . '

'; dismissed_updates(); - list_plugin_updates(); - list_theme_updates(); + if ( current_user_can( 'update_plugins' ) ) + list_plugin_updates(); + if ( current_user_can( 'update_themes' ) ) + list_theme_updates(); do_action('core_upgrade_preamble'); echo ''; } @@ -406,9 +408,11 @@ add_contextual_help($current_screen, ); if ( 'upgrade-core' == $action ) { + wp_version_check(); require_once(ABSPATH . 'wp-admin/admin-header.php'); core_upgrade_preamble(); + } elseif ( 'do-core-upgrade' == $action || 'do-core-reinstall' == $action ) { check_admin_referer('upgrade-core'); @@ -429,6 +433,10 @@ if ( 'upgrade-core' == $action ) { do_core_upgrade($reinstall); } elseif ( 'do-plugin-upgrade' == $action ) { + + if ( ! current_user_can( 'update_plugins' ) ) + wp_die( __( 'You do not have sufficient permissions to update this site.' ) ); + check_admin_referer('upgrade-core'); if ( isset( $_GET['plugins'] ) ) { @@ -451,7 +459,12 @@ if ( 'upgrade-core' == $action ) { echo '
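Review bot: The `do-core-upgrade` / `do-core-reinstall` branch visible as context in the `@@ -406` hunk gets no capability check of its own, unlike the `do-plugin-upgrade` and `do-theme-upgrade` branches. It relies on the page-level gate, and all three branches verify the same nonce action, `check_admin_referer('upgrade-core')`, so the nonce does not distinguish which kind of update was authorised. Adding `if ( ! current_user_can( 'update_core' ) ) wp_die( __( 'You do not have sufficient permissions to update this site.' ) );` before the `check_admin_referer()` call in that branch keeps it safe if the top-of-file gate is ever relaxed. The branch body continues outside the hunk.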

' . esc_html__('Update Plugins') . '

'; echo ""; echo ''; + } elseif ( 'do-theme-upgrade' == $action ) { + + if ( ! current_user_can( 'update_themes' ) ) + wp_die( __( 'You do not have sufficient permissions to update this site.' ) ); + check_admin_referer('upgrade-core'); if ( isset( $_GET['themes'] ) ) {