| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-07-27 14:47:30 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-07-27 14:47:30 +0000 |
| commit | 503214a304ab0ce46df6feae4c052abcd941af98 (patch) | |
| tree | 60d8047e0ac5b79aa7b9cdbbf4168c4a51bc050f /wp-admin | |
| parent | 9869401a21a143eb2369beb24d8446d855c41464 (diff) | |
WP Merge
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@712 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin')
| -rw-r--r-- | wp-admin/admin-functions.php | 7 | ||||
| -rw-r--r-- | wp-admin/admin.php | 12 |
2 files changed, 15 insertions, 4 deletions
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 9ab92cb..ca82ddf 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -379,6 +379,7 @@ function add_user() { if ( func_num_args() ) { // The hackiest hack that ever did hack global $current_user, $wp_roles; $user_id = func_get_arg(0); + if (isset ($_POST['role'])) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) { $user = new WP_User($user_id); @@ -412,7 +413,7 @@ function edit_user($user_id = 0) { if (isset ($_POST['pass2'])) $pass2 = $_POST['pass2']; - if (isset ($_POST['role']) && current_user_can('edit_users')) { + if (isset ($_POST['role']) && current_user_can('edit_users')) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) $user->role = $_POST['role']; } @@ -1345,12 +1346,16 @@ function user_can_access_admin_page() { global $menu; global $submenu; global $menu_nopriv; + global $plugin_page; $parent = get_admin_page_parent(); if ( isset($menu_nopriv[$pagenow]) ) return false; + if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) ) + return false; + if ( empty($parent) ) return true; diff --git a/wp-admin/admin.php b/wp-admin/admin.php index b6e270c..91196b0 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -39,12 +39,15 @@ wp_enqueue_script( 'fat' ); $editing = false; -require(ABSPATH . '/wp-admin/menu.php'); - -// Handle plugin admin pages. if (isset($_GET['page'])) { $plugin_page = stripslashes($_GET['page']); $plugin_page = plugin_basename($plugin_page); +} + +require(ABSPATH . '/wp-admin/menu.php'); + +// Handle plugin admin pages. +if (isset($plugin_page)) { $page_hook = get_plugin_page_hook($plugin_page, $pagenow); if ( $page_hook ) { 
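Review bot: In the `user_can_access_admin_page()` hunk of admin-functions.php, the new `isset($menu_nopriv[$plugin_page])` deny check only works if `$plugin_page` is in exactly the form used for the keys of `$menu_nopriv`, and nothing here documents that. Judging by the admin.php hunk in this commit, the value comes from `$_GET['page']` after `stripslashes()` and `plugin_basename()`; how `menu.php` keys `$menu_nopriv` is not visible, so this is worth confirming. The next visible branch is `if ( empty($parent) ) return true;`, so a request value that misses the deny list and resolves to no parent appears to be allowed by default. I would add a comment above the new check such as `// $plugin_page is the plugin_basename()-normalised ?page= value set in admin.php before menu.php loads; $menu_nopriv keys must use the same form.` The function body continues outside the hunk.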
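Review bot: In the first admin.php hunk, `$plugin_page` is assigned only inside `if (isset($_GET['page']))`, yet both the later `if (isset($plugin_page))` and the new check in `user_can_access_admin_page()` trust it whenever it is set. If the variable can already exist when this file runs (for example under `register_globals`, unless the bootstrap undoes that; not visible here), it would skip the `stripslashes()`/`plugin_basename()` normalisation. Clearing it first, `unset($plugin_page);` on the line before `if (isset($_GET['page'])) {`, makes the request parameter the only source. `stripslashes()` also assumes a string, so `is_string($_GET['page'])` could be added to the same condition. The plugin-page block continues past the end of the hunk.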
@@ -76,6 +79,9 @@ if (isset($_GET['page'])) { $importer = $_GET['import']; + if ( ! current_user_can('import') ) + wp_die(__('You are not allowed to import.')); + if ( validate_file($importer) ) { wp_die(__('Invalid importer.')); } |
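Review bot: The new `current_user_can('import')` guard is written without braces while the `validate_file()` check right below it uses them; an unbraced authorisation gate is easy to break when someone later adds a line (logging, a redirect) to it. I would write it as `if ( ! current_user_can('import') ) { wp_die(__('You are not allowed to import.')); }` to match. The guard also relies on `wp_die()` never returning, which is presumably the case but is not visible in this hunk. It could be moved above `$importer = $_GET['import'];` so no request data is read before the capability check, and a short comment such as `// Only users with the 'import' capability may select an importer.` would record the intent. The enclosing branch starts outside the hunk.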
