Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Menu and plugin tweakage. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@4049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-07-26 22:18:36 +00:00
parent 7f4ef75395
commit 4e7aacfc21
4 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wp-admin/admin-functions.php
View File

@ -379,6 +379,7 @@ function add_user() {
if ( func_num_args() ) { // The hackiest hack that ever did hack
global $current_user, $wp_roles;
$user_id = func_get_arg(0);
if (isset ($_POST['role'])) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) {
$user = new WP_User($user_id);
@ -412,7 +413,7 @@ function edit_user($user_id = 0) {
if (isset ($_POST['pass2']))
$pass2 = $_POST['pass2'];
if (isset ($_POST['role'])) {
if (isset ($_POST['role']) && current_user_can('edit_users')) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
$user->role = $_POST['role'];
}
@ -1330,12 +1331,16 @@ function user_can_access_admin_page() {
global $menu;
global $submenu;
global $menu_nopriv;
global $plugin_page;
$parent = get_admin_page_parent();
if ( isset($menu_nopriv[$pagenow]) )
return false;
if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) )
return false;
if ( empty($parent) )
return true;

12
wp-admin/admin.php
View File

@ -30,12 +30,15 @@ wp_enqueue_script( 'fat' );
$editing = false;
require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages.
if (isset($_GET['page'])) {
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
}
require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages.
if (isset($plugin_page)) {
$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
if ( $page_hook ) {
@ -64,6 +67,9 @@ if (isset($_GET['page'])) {
$importer = $_GET['import'];
if ( ! current_user_can('import') )
wp_die(__('You are not allowed to import.'));
if ( validate_file($importer) ) {
wp_die(__('Invalid importer.'));
}

7
wp-content/plugins/wp-db-backup.php
View File

@ -322,11 +322,11 @@ class wpdbBackup {
///////////////////////////////
function admin_menu() {
add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
}
function fragment_menu() {
add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
}
/////////////////////////////////////////////////////////
@ -884,6 +884,9 @@ class wpdbBackup {
function wpdbBackup_init() {
global $mywpdbbackup;
if ( !current_user_can('import') ) return;
$mywpdbbackup = new wpdbBackup();
}

4
xmlrpc.php
View File

@ -1228,10 +1228,12 @@ class wp_xmlrpc_server extends IXR_Server {
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
$original_title = $title;
$comment_post_ID = $post_ID;
$comment_post_ID = (int) $post_ID;
$comment_author = $title;
$this->escape($comment_author);
$comment_author_url = $pagelinkedfrom;
$comment_content = $context;
$this->escape($comment_content);
$comment_type = 'pingback';
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');