From fffff45c254a6627762ae7459329327ba40b02ef Mon Sep 17 00:00:00 2001
From: nacin
Date: Sat, 30 Jun 2012 12:08:18 +0000
Subject: [PATCH] Cap checks in the upgrader so we do not show links the user cannot access. props linuxologos for the initial patch. see #19824. Also fixes a rare fatal error when theme_info is not set when updating a theme that is already up to date.
git-svn-id: http://core.svn.wordpress.org/trunk@21195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/includes/class-wp-upgrader.php | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php
index 4060320376..68094e258c 100644
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -851,6 +851,8 @@ class Theme_Upgrader extends WP_Upgrader { foreach ( $themes as $theme ) { $this->update_current++; + $this->skin->theme_info = $this->theme_info($theme); + if ( !isset( $current->response[ $theme ] ) ) { $this->skin->set_result(false); $this->skin->before();
@@ -860,8 +862,6 @@ class Theme_Upgrader extends WP_Upgrader { continue; } - $this->skin->theme_info = $this->theme_info($theme); - // Get the URL to the zip file $r = $current->response[ $theme ];
@@ -1351,6 +1351,8 @@ class Bulk_Plugin_Upgrader_Skin extends Bulk_Upgrader_Skin { 'plugins_page' => '' . __('Return to Plugins page') . '', 'updates_page' => '' . __('Return to WordPress Updates') . '' ); + if ( ! current_user_can( 'activate_plugins' ) ) + unset( $update_actions['plugins_page'] ); $update_actions = apply_filters('update_bulk_plugins_complete_actions', $update_actions, $this->plugin_info); if ( ! empty($update_actions) )
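Review bot: The moved assignment `$this->skin->theme_info = $this->theme_info($theme);` in the hunk at `@@ -851,6 +851,8 @@` now sits above the `isset( $current->response[ $theme ] )` check with nothing saying why the order matters, so a later tidy-up could move it back below the early `continue`. I would add a comment above it such as `// Must be set before the up-to-date check: the skin is still rendered for themes that are skipped.` The reason is taken from the commit message; the skin code that reads `theme_info` and the rest of the loop body are outside the hunk.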
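Review bot: The added `current_user_can( 'activate_plugins' )` check in the hunk at `@@ -1351,6 +1351,8 @@` only removes the 'Return to Plugins page' entry from the rendered list; it is a display decision, not an access control, and the page behind the link has to enforce the capability itself, which this hunk does not show. The `unset()` also runs before `apply_filters('update_bulk_plugins_complete_actions', ...)`, so a callback on that filter can put links back, and any callback that adds links needs its own capability check. I would record both facts in a comment above the check, for example `// Display only: hide links the user cannot use. The target page enforces the capability; filter callbacks must check caps for links they add.` The same applies to the `themes_page` check in the hunk at `@@ -1384,6 +1386,8 @@` and to the checks in the hunks at `@@ -1517,10 +1521,10 @@` and `@@ -1572,8 +1576,9 @@`. The enclosing method starts and ends outside the hunk.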
@@ -1384,6 +1386,8 @@ class Bulk_Theme_Upgrader_Skin extends Bulk_Upgrader_Skin { 'themes_page' => '' . __('Return to Themes page') . '', 'updates_page' => '' . __('Return to WordPress Updates') . '' ); + if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' ) ) + unset( $update_actions['themes_page'] ); $update_actions = apply_filters('update_bulk_theme_complete_actions', $update_actions, $this->theme_info ); if ( ! empty($update_actions) )
@@ -1517,10 +1521,10 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin { if ( $this->type == 'web' ) $install_actions['themes_page'] = '' . __('Return to Theme Installer') . ''; - else + elseif ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) ) $install_actions['themes_page'] = '' . __('Return to Themes page') . ''; - if ( ! $this->result || is_wp_error($this->result) || is_network_admin() ) + if ( ! $this->result || is_wp_error($this->result) || is_network_admin() || ! current_user_can( 'switch_themes' ) ) unset( $install_actions['activate'], $install_actions['preview'] ); $install_actions = apply_filters('install_theme_complete_actions', $install_actions, $this->api, $stylesheet, $theme_info);
@@ -1572,8 +1576,9 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin { $activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet ); if ( get_stylesheet() == $stylesheet ) { - $update_actions['preview'] = '' . __('Customize') . ''; - } else { + if ( current_user_can( 'edit_theme_options' ) ) + $update_actions['preview'] = '' . __('Customize') . ''; + } elseif ( current_user_can( 'switch_themes' ) ) { $update_actions['preview'] = '' . __('Preview') . ''; $update_actions['preview'] .= '' . __('Live Preview') . ''; $update_actions['activate'] = '' . __('Activate') . '';
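Review bot: The rule for who may see the Themes page link is written out twice in opposite polarity, as `! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' )` in the hunk at `@@ -1384,6 +1386,8 @@` and as `current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' )` in the `elseif` of the hunk at `@@ -1517,10 +1521,10 @@`. A later change to that rule has to be made in both skins or they drift apart, and a negated pair is easy to get wrong when edited. I would name the rule once, `$can_view_themes = current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' );`, and test `$can_view_themes` or `! $can_view_themes` at each site, or move it into a small helper both skins call. The new `elseif` also hangs a brace-less statement off a multi-condition test, so braces on that `if`/`elseif` pair would make the guarded line unambiguous. Both methods start and end outside their hunks.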
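Review bot: In the `elseif ( current_user_can( 'switch_themes' ) )` branch of the hunk at `@@ -1572,8 +1576,9 @@` the 'Live Preview' link is appended for any user who can switch themes, while the 'Customize' link in the branch above it requires `edit_theme_options`. If 'Live Preview' opens the same customizer screen (the link targets are not visible in this hunk), a user with `switch_themes` but without `edit_theme_options` still gets a link they cannot use, which is what the commit sets out to remove. I would guard that one line by putting `if ( current_user_can( 'edit_theme_options' ) )` before `$update_actions['preview'] .= ...`. The installer skin in the hunk at `@@ -1517,10 +1521,10 @@` unsets `preview` on `switch_themes` alone and may need the same treatment; its link is built outside that hunk. The `if`/`elseif` block closes outside this hunk.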