Menu and plugin tweakage.

git-svn-id: http://svn.automattic.com/wordpress/trunk@4049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-07-26 22:18:36 +00:00
parent 7f4ef75395
commit 4e7aacfc21
4 changed files with 23 additions and 7 deletions

View File

@ -379,6 +379,7 @@ function add_user() {
if ( func_num_args() ) { // The hackiest hack that ever did hack if ( func_num_args() ) { // The hackiest hack that ever did hack
global $current_user, $wp_roles; global $current_user, $wp_roles;
$user_id = func_get_arg(0); $user_id = func_get_arg(0);
if (isset ($_POST['role'])) { if (isset ($_POST['role'])) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) {
$user = new WP_User($user_id); $user = new WP_User($user_id);
@ -412,7 +413,7 @@ function edit_user($user_id = 0) {
if (isset ($_POST['pass2'])) if (isset ($_POST['pass2']))
$pass2 = $_POST['pass2']; $pass2 = $_POST['pass2'];
if (isset ($_POST['role'])) { if (isset ($_POST['role']) && current_user_can('edit_users')) {
if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
$user->role = $_POST['role']; $user->role = $_POST['role'];
} }
@ -1330,12 +1331,16 @@ function user_can_access_admin_page() {
global $menu; global $menu;
global $submenu; global $submenu;
global $menu_nopriv; global $menu_nopriv;
global $plugin_page;
$parent = get_admin_page_parent(); $parent = get_admin_page_parent();
if ( isset($menu_nopriv[$pagenow]) ) if ( isset($menu_nopriv[$pagenow]) )
return false; return false;
if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) )
return false;
if ( empty($parent) ) if ( empty($parent) )
return true; return true;

View File

@ -30,12 +30,15 @@ wp_enqueue_script( 'fat' );
$editing = false; $editing = false;
require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages.
if (isset($_GET['page'])) { if (isset($_GET['page'])) {
$plugin_page = stripslashes($_GET['page']); $plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page); $plugin_page = plugin_basename($plugin_page);
}
require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages.
if (isset($plugin_page)) {
$page_hook = get_plugin_page_hook($plugin_page, $pagenow); $page_hook = get_plugin_page_hook($plugin_page, $pagenow);
if ( $page_hook ) { if ( $page_hook ) {
@ -64,6 +67,9 @@ if (isset($_GET['page'])) {
$importer = $_GET['import']; $importer = $_GET['import'];
if ( ! current_user_can('import') )
wp_die(__('You are not allowed to import.'));
if ( validate_file($importer) ) { if ( validate_file($importer) ) {
wp_die(__('Invalid importer.')); wp_die(__('Invalid importer.'));
} }

View File

@ -322,11 +322,11 @@ class wpdbBackup {
/////////////////////////////// ///////////////////////////////
function admin_menu() { function admin_menu() {
add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu')); add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
} }
function fragment_menu() { function fragment_menu() {
add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script')); add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
} }
///////////////////////////////////////////////////////// /////////////////////////////////////////////////////////
@ -884,6 +884,9 @@ class wpdbBackup {
function wpdbBackup_init() { function wpdbBackup_init() {
global $mywpdbbackup; global $mywpdbbackup;
if ( !current_user_can('import') ) return;
$mywpdbbackup = new wpdbBackup(); $mywpdbbackup = new wpdbBackup();
} }

View File

@ -1228,10 +1228,12 @@ class wp_xmlrpc_server extends IXR_Server {
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
$original_title = $title; $original_title = $title;
$comment_post_ID = $post_ID; $comment_post_ID = (int) $post_ID;
$comment_author = $title; $comment_author = $title;
$this->escape($comment_author);
$comment_author_url = $pagelinkedfrom; $comment_author_url = $pagelinkedfrom;
$comment_content = $context; $comment_content = $context;
$this->escape($comment_content);
$comment_type = 'pingback'; $comment_type = 'pingback';
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type'); $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');