-rw-r--r-- | wp-inst/wp-admin/admin-functions.php | 45 | ||||
-rw-r--r-- | wp-inst/wp-admin/bookmarklet.php | 2 | ||||
-rw-r--r-- | wp-inst/wp-admin/edit-comments.php | 16 | ||||
-rw-r--r-- | wp-inst/wp-admin/edit-form.php | 2 | ||||
-rw-r--r-- | wp-inst/wp-admin/edit-pages.php | 14 | ||||
-rw-r--r-- | wp-inst/wp-admin/edit.php | 4 | ||||
-rw-r--r-- | wp-inst/wp-admin/menu-header.php | 4 | ||||
-rw-r--r-- | wp-inst/wp-admin/moderation.php | 5 | ||||
-rw-r--r-- | wp-inst/wp-admin/options.php | 21 | ||||
-rw-r--r-- | wp-inst/wp-admin/post.php | 4 | ||||
-rw-r--r-- | wp-inst/wp-admin/profile.php | 4 | ||||
-rw-r--r-- | wp-inst/wp-admin/sidebar.php | 4 | ||||
-rw-r--r-- | wp-inst/wp-admin/templates.php | 8 | ||||
-rw-r--r-- | wp-inst/wp-admin/upgrade-functions.php | 8 | ||||
-rw-r--r-- | wp-inst/wp-admin/upgrade-schema.php | 13 | ||||
-rw-r--r-- | wp-inst/wp-admin/upload.php | 5 | ||||
-rw-r--r-- | wp-inst/wp-includes/classes.php | 7 | ||||
-rw-r--r-- | wp-inst/wp-includes/functions.php | 40 | ||||
-rw-r--r-- | wp-inst/wp-settings.php | 8 |
19 files changed, 110 insertions, 104 deletions
diff --git a/wp-inst/wp-admin/admin-functions.php b/wp-inst/wp-admin/admin-functions.php
index 2d0b0e6..94a515e 100644
--- a/wp-inst/wp-admin/admin-functions.php
+++ b/wp-inst/wp-admin/admin-functions.php
@@ -4,7 +4,7 @@ function write_post() {
 global $user_ID;
- if ( !user_can_create_draft($user_ID) )
+ if ( ! current_user_can('edit_posts') )
 die( __('You are not allowed to create posts or drafts on this blog.') );
 // Rename.
@@ -21,20 +21,20 @@ function write_post() {
 $_POST['post_author'] = (int) $_POST['user_ID'];
 }
- if ( !user_can_edit_user($user_ID, $_POST['post_author']) )
+ if ( ($_POST['post_author'] != $_POST['user_ID']) && ! current_user_can('edit_others_posts') )
 die( __('You cannot post as this user.') );
- if ( 'publish' == $_POST['post_status'] && (!user_can_create_post($user_ID)) )
- $_POST['post_status'] = 'draft';
-
 // What to do based on which button they pressed
 if ('' != $_POST['saveasdraft']) $_POST['post_status'] = 'draft';
 if ('' != $_POST['saveasprivate']) $_POST['post_status'] = 'private';
 if ('' != $_POST['publish']) $_POST['post_status'] = 'publish';
 if ('' != $_POST['advanced']) $_POST['post_status'] = 'draft';
 if ('' != $_POST['savepage']) $_POST['post_status'] = 'static';
-
- if (user_can_set_post_date($user_ID) && (!empty($_POST['edit_date']))) {
+
+ if ( 'publish' == $_POST['post_status'] && ! current_user_can('publish_posts') )
+ $_POST['post_status'] = 'draft';
+
+ if ( !empty($_POST['edit_date']) ) {
 $aa = $_POST['aa'];
 $mm = $_POST['mm'];
 $jj = $_POST['jj'];
@@ -60,12 +60,9 @@ function write_post() {
 function edit_post() {
 global $user_ID;
- if ( !isset($blog_ID) )
- $blog_ID = 1;
-
 $post_ID = (int) $_POST['post_ID'];
- if (!user_can_edit_post($user_ID, $post_ID, $blog_ID))
+ if ( ! current_user_can('edit_post', $post_ID) )
 die( __('You are not allowed to edit this post.') );
 // Rename.
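Review bot: The new ownership test in write_post() compares two request-supplied fields, `$_POST['post_author']` and `$_POST['user_ID']`, so a submission that carries the same value in both is treated as posting as oneself and `edit_others_posts` is never consulted; the test it replaces was anchored on the server-side `$user_ID`, which this function still declares `global`. Compare against the global instead: `if ( ($_POST['post_author'] != $user_ID) && ! current_user_can('edit_others_posts') )`. The same construct is repeated in the edit_post() hunk on the next line of this page and needs the same change. If `user_ID` arrives as a hidden form field, as the `(int) $_POST['user_ID']` assignment above suggests, it is under the client's control and cannot stand in for the logged-in user.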
@@ -83,10 +80,20 @@ function edit_post() {
 $_POST['post_author'] = (int) $_POST['user_ID'];
 }
- if ( !user_can_edit_user($user_ID, $_POST['post_author']) )
+ if ( ($_POST['post_author'] != $_POST['user_ID']) && ! current_user_can('edit_others_posts') )
 die( __('You cannot post as this user.') );
- if (user_can_set_post_date($user_ID) && (!empty($_POST['edit_date']))) {
+ // What to do based on which button they pressed
+ if ('' != $_POST['saveasdraft']) $_POST['post_status'] = 'draft';
+ if ('' != $_POST['saveasprivate']) $_POST['post_status'] = 'private';
+ if ('' != $_POST['publish']) $_POST['post_status'] = 'publish';
+ if ('' != $_POST['advanced']) $_POST['post_status'] = 'draft';
+ if ('' != $_POST['savepage']) $_POST['post_status'] = 'static';
+
+ if ( 'publish' == $_POST['post_status'] && ! current_user_can('publish_posts') )
+ $_POST['post_status'] = 'draft';
+
+ if ( !empty($_POST['edit_date']) ) {
 $aa = $_POST['aa'];
 $mm = $_POST['mm'];
 $jj = $_POST['jj'];
@@ -125,7 +132,7 @@ function edit_comment() {
 $comment_ID = (int) $_POST['comment_ID'];
 $comment_post_ID = (int) $_POST['comment_post_ID'];
- if (!user_can_edit_post_comments($user_ID, $comment_post_ID))
+ if ( ! current_user_can('edit_post', $comment_post_ID) )
 die( __('You are not allowed to edit comments on this post, so you cannot edit this comment.') );
 $_POST['comment_author'] = $_POST['newcomment_author'];
@@ -135,7 +142,7 @@ function edit_comment() {
 $_POST['comment_content'] = $_POST['content'];
 $_POST['comment_ID'] = (int) $_POST['comment_ID'];
- if (user_can_edit_post_date($user_ID, $post_ID) && (!empty($_POST['edit_date']))) {
+ if ( !empty($_POST['edit_date']) ) {
 $aa = $_POST['aa'];
 $mm = $_POST['mm'];
 $jj = $_POST['jj'];
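Review bot: In edit_comment() the capability check runs against `$comment_post_ID`, which is taken from `$_POST['comment_post_ID']`, not from the post the comment is actually stored under, so the post being authorised and the comment being edited are supplied independently by the client. Resolve the post from the comment id instead — `$comment_post_ID = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment_ID");` — and pass that to `current_user_can('edit_post', ...)`; the delete path in edit-comments.php already does this lookup. The remainder of edit_comment() is outside the hunk, so if the stored post id is re-checked later a comment saying so would save the next reader the same question.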
@@ -749,8 +756,8 @@ function update_meta($mid, $mkey, $mvalue) {
 }
 function touch_time($edit = 1, $for_post = 1) {
- global $month, $postdata, $commentdata;
- if ( $for_post && ('draft' == $postdata->post_status) ) {
+ global $month, $post, $comment;
+ if ( $for_post && ('draft' == $post->post_status) ) {
 $checked = 'checked="checked" ';
 $edit = false;
 } else {
@@ -760,7 +767,7 @@ function touch_time($edit = 1, $for_post = 1) {
 echo '<fieldset><legend><input type="checkbox" class="checkbox" name="edit_date" value="1" id="timestamp" '.$checked.'/> <label for="timestamp">' . __('Edit timestamp') . '</label></legend>';
 $time_adj = time() + (get_settings('gmt_offset') * 3600);
- $post_date = ($for_post) ? $postdata->post_date : $commentdata['comment_date'];
+ $post_date = ($for_post) ? $post->post_date : $comment->comment_date;
 $jj = ($edit) ? mysql2date('d', $post_date) : gmdate('d', $time_adj);
 $mm = ($edit) ? mysql2date('m', $post_date) : gmdate('m', $time_adj);
 $aa = ($edit) ? mysql2date('Y', $post_date) : gmdate('Y', $time_adj);
@@ -791,7 +798,7 @@ function touch_time($edit = 1, $for_post = 1) {
 <?php _e('Existing timestamp'); ?>:
 <?php
 // We might need to readjust to display proper existing timestamp
- if ( $for_post && ('draft' == $postdata->post_status) ) {
+ if ( $for_post && ('draft' == $post->post_status) ) {
 $jj = mysql2date('d', $post_date);
 $mm = mysql2date('m', $post_date);
 $aa = mysql2date('Y', $post_date);
diff --git a/wp-inst/wp-admin/bookmarklet.php b/wp-inst/wp-admin/bookmarklet.php
index 555abee..2562ae2 100644
--- a/wp-inst/wp-admin/bookmarklet.php
+++ b/wp-inst/wp-admin/bookmarklet.php
@@ -2,7 +2,7 @@
 $mode = 'bookmarklet';
 require_once('admin.php');
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 die ("Cheatin' uh?");
 if ('b' == $a) {
diff --git a/wp-inst/wp-admin/edit-comments.php b/wp-inst/wp-admin/edit-comments.php
index bcfd4c2..d8632d3 100644
--- a/wp-inst/wp-admin/edit-comments.php
+++ b/wp-inst/wp-admin/edit-comments.php
@@ -43,7 +43,7 @@ if ( !empty( $_POST['delete_comments'] ) ) :
 $comment = (int) $comment;
 $post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
 $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
- if ( user_can_delete_post_comments($user_ID, $post_id) ) :
+ if ( current_user_can('edit_post', $post_id) ) :
 $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
 ++$i;
 endif;
@@ -93,14 +93,14 @@ if ('view' == $mode) {
 <?php comment_text() ?>
 <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
- if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
+ if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
 }
- if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
+ if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 echo " | <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\">" . __('Delete Comment') . "</a> — ";
 } // end if any comments to show
 // Get post title
- if ( user_can_edit_post($user_ID, $comment->comment_post_ID) ) {
+ if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 $post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
 $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 ?>
 <a href="post.php?action=edit&post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post “%s”'), stripslashes($post_title)); ?></a>
@@ -138,15 +138,15 @@ if ('view' == $mode) {
 $class = ('alternate' == $class) ? '' : 'alternate';
 ?>
 <tr class='<?php echo $class; ?>'>
- <td><?php if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
+ <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
 <td><?php comment_author_link() ?></td>
 <td><?php comment_author_email_link() ?></td>
 <td><a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></td>
 <td><?php comment_excerpt(); ?></td>
 <td><a href="<?php echo get_permalink($comment->comment_post_ID); ?>#comment-<?php comment_ID() ?>" class="edit"><?php _e('View') ?></a></td>
- <td><?php if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
+ <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 echo "<a href='post.php?action=editcomment&comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
- <td><?php if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
+ <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 echo "<a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
 </tr>
 <?php
@@ -168,4 +168,4 @@ if ('view' == $mode) {
 </div>
-<?php include('admin-footer.php'); ?>
\ No newline at end of file
+<?php include('admin-footer.php'); ?>
diff --git a/wp-inst/wp-admin/edit-form.php b/wp-inst/wp-admin/edit-form.php
index 11d62d4..548a60a 100644
--- a/wp-inst/wp-admin/edit-form.php
+++ b/wp-inst/wp-admin/edit-form.php
@@ -58,7 +58,7 @@ edCanvas = document.getElementById('content');
 <p class="submit"><input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" value="<?php _e('Save as Draft') ?>" />
 <input name="saveasprivate" type="submit" id="saveasprivate" tabindex="10" value="<?php _e('Save as Private') ?>" />
- <?php if ( user_can_create_post($user_ID) ) : ?>
+ <?php if ( current_user_can('edit_posts') ) : ?>
 <input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="<?php _e('Publish') ?>" />
 <?php endif; ?>
diff --git a/wp-inst/wp-admin/edit-pages.php b/wp-inst/wp-admin/edit-pages.php
index 6609e74..fff1502 100644
--- a/wp-inst/wp-admin/edit-pages.php
+++ b/wp-inst/wp-admin/edit-pages.php
@@ -3,25 +3,13 @@ require_once('admin.php');
 $title = __('Pages');
 $parent_file = 'edit.php';
 require_once('admin-header.php');
-
-get_currentuserinfo();
 ?>
 <div class="wrap">
 <h2><?php _e('Page Management'); ?></h2>
 <?php
-/*
-if (isset($user_ID) && ('' != intval($user_ID))) {
- $posts = $wpdb->get_results("
- SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
- INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID)
- WHERE $wpdb->posts.post_status = 'static'
- AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
- ");
-} else { */
- $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
-// } FIXME
+$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
 if ($posts) {
 ?>
diff --git a/wp-inst/wp-admin/edit.php b/wp-inst/wp-admin/edit.php
index daef277..4440742 100644
--- a/wp-inst/wp-admin/edit.php
+++ b/wp-inst/wp-admin/edit.php
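Review bot: In the edit-form.php hunk the Publish button is shown on `edit_posts`, while write_post() and edit_post() in admin-functions.php (earlier in this commit) now silently turn `publish` into `draft` unless the user holds `publish_posts`; a user with only `edit_posts` sees a Publish button whose click quietly saves a draft with no message. Gate the button on the capability the server actually enforces, `<?php if ( current_user_can('publish_posts') ) : ?>`, so the form and the handler agree.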
@@ -7,8 +7,6 @@ require_once('admin-header.php');
 $_GET['m'] = (int) $_GET['m'];
-get_currentuserinfo();
-
 $drafts = get_users_drafts( $user_ID );
 $other_drafts = get_others_drafts( $user_ID);
@@ -255,7 +253,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
 if ( current_user_can('edit_post', $post->ID) ) {
 echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
 echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
- if ( ('none' != $comment_status) && ($user_level >= 3) ) {
+ if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 if ('approved' == wp_get_comment_status($comment->comment_ID)) {
 echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
 } else {
diff --git a/wp-inst/wp-admin/menu-header.php b/wp-inst/wp-admin/menu-header.php
index 6807a9e..c7ec581 100644
--- a/wp-inst/wp-admin/menu-header.php
+++ b/wp-inst/wp-admin/menu-header.php
@@ -8,7 +8,7 @@ get_admin_page_parent();
 foreach ($menu as $item) {
 $class = '';
- // 0 = name, 1 = user_level, 2 = file
+ // 0 = name, 1 = capability, 2 = file
 if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file)))
 $class = ' class="current"';
 if ( current_user_can($item[1]) ) {
@@ -54,4 +54,4 @@ endforeach; ?>
 </ul>
-<?php endif; ?>
+<?php endif; ?>
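Review bot: In the edit.php hunk `get_currentuserinfo()` is removed while `$user_ID` is still read on the very next lines by `get_users_drafts( $user_ID )` and `get_others_drafts( $user_ID)`; this is only safe if admin.php or admin-header.php (both included above, outside the hunk) already populate `$user_ID`, which nothing in this diff shows. If they do, a one-line comment at the removal point, `// $user_ID is set by admin.php`, would make the dependency explicit; if they do not, both draft lists are fetched for an empty user id. The same call is dropped in the edit-pages.php, profile.php and sidebar.php hunks, where no later use of `$user_ID` is visible.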
\ No newline at end of file
diff --git a/wp-inst/wp-admin/moderation.php b/wp-inst/wp-admin/moderation.php
index 3428bdf..eb1949d 100644
--- a/wp-inst/wp-admin/moderation.php
+++ b/wp-inst/wp-admin/moderation.php
@@ -31,9 +31,8 @@ switch($action) {
 case 'update':
- if ($user_level < 3) {
+ if ( ! current_user_can('moderate_comments') )
 die(__('<p>Your level is not high enough to moderate comments.</p>'));
- }
 $item_ignored = 0;
 $item_deleted = 0;
@@ -119,7 +118,7 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored
 <div class="wrap">
 <?php
-if ($user_level > 3)
+if ( current_user_can('moderate_comments') )
 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'");
 else
 $comments = '';
diff --git a/wp-inst/wp-admin/options.php b/wp-inst/wp-admin/options.php
index c6158d3..609c0b2 100644
--- a/wp-inst/wp-admin/options.php
+++ b/wp-inst/wp-admin/options.php
@@ -21,7 +21,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 }
 }
-if ($user_level < 6)
+if ( !current_user_can('manage_options') )
 die ( __('Cheatin’ uh?') );
 switch($action) {
@@ -50,17 +50,14 @@ case 'update':
 if ($options) {
 $options = apply_filters( 'options_to_update' , $options );
 foreach ($options as $option) {
- // should we even bother checking?
- if ($user_level >= $option->option_admin_level) {
- $old_val = $option->option_value;
- $new_val = trim($_POST[$option->option_name]);
- if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
- $new_val = 'closed';
- if ($new_val !== $old_val) {
- $result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
- $any_changed++;
- }
- }
+ $old_val = $option->option_value;
+ $new_val = trim($_POST[$option->option_name]);
+ if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
+ $new_val = 'closed';
+ if ($new_val !== $old_val) {
+ $result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
+ $any_changed++;
+ }
 }
 unset($cache_settings); // so they will be re-read
 get_settings('siteurl'); // make it happen now
diff --git a/wp-inst/wp-admin/post.php b/wp-inst/wp-admin/post.php
index e77a4d6..bf6a15a 100644
--- a/wp-inst/wp-admin/post.php
+++ b/wp-inst/wp-admin/post.php
@@ -326,7 +326,9 @@ default:
 <div class="wrap">
 <p><strong><?php _e('Your Drafts:') ?></strong>
 <?php
- for ( $i = 0; $i < 15; $i++ ) {
+ $num_drafts = count($drafts);
+ if ( $num_drafts > 15 ) $num_drafts = 15;
+ for ( $i = 0; $i < $num_drafts; $i++ ) {
 $draft = $drafts[$i];
 if ( 0 != $i )
 echo ', ';
diff --git a/wp-inst/wp-admin/profile.php b/wp-inst/wp-admin/profile.php
index 66ec010..ce5fd85 100644
--- a/wp-inst/wp-admin/profile.php
+++ b/wp-inst/wp-admin/profile.php
@@ -58,8 +58,6 @@ break;
 case 'update':
-get_currentuserinfo();
-
 /* checking the nickname has been typed */
 if (empty($_POST["newuser_nickname"])) {
 die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)"));
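Review bot: The re-added update loop in options.php still interpolates the trimmed `$_POST` value straight into the statement (`SET option_value = '$new_val'`) without passing it through `$wpdb->escape()`, so a quote in a submitted option value breaks or alters the query and only magic quotes stands in the way; the page is reachable by every `manage_options` holder. Since this same commit teaches update_option() to escape both the value and the option name, the loop could call `update_option($option->option_name, $new_val);` and drop the hand-built query, or at minimum do `$new_val = $wpdb->escape($new_val);` before the `$wpdb->query(...)` line. Removing the per-option `option_admin_level` test also makes every option returned by `options_to_update` writable by anyone who passes the page-level check; if that is intended, a one-line comment in place of the deleted `// should we even bother checking?` would record it.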
@@ -276,7 +274,7 @@ if ( $show_password_fields ) :
 </div>
-<?php if ($is_gecko && $profiledata->user_level != 0) { ?>
+<?php if ( $is_gecko && current_user_can('edit_posts') ) { ?>
 <div class="wrap">
 <script type="text/javascript">
 //<![CDATA[
diff --git a/wp-inst/wp-admin/sidebar.php b/wp-inst/wp-admin/sidebar.php
index fa75f32..51405e0 100644
--- a/wp-inst/wp-admin/sidebar.php
+++ b/wp-inst/wp-admin/sidebar.php
@@ -3,9 +3,7 @@ $mode = 'sidebar';
 require_once('admin.php');
-get_currentuserinfo();
-
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 die ("Cheatin' uh ?");
 if ('b' == $_GET['a']) {
diff --git a/wp-inst/wp-admin/templates.php b/wp-inst/wp-admin/templates.php
index ce8f549..da4bbac 100644
--- a/wp-inst/wp-admin/templates.php
+++ b/wp-inst/wp-admin/templates.php
@@ -36,9 +36,8 @@ switch($action) {
 case 'update':
- if ($user_level < 5) {
+ if ( ! current_user_can('edit_files') )
 die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
- }
 $newcontent = stripslashes($_POST['newcontent']);
 if (is_writeable($real_file)) {
@@ -57,7 +56,8 @@ break;
 default:
 require_once('./admin-header.php');
- if ( $user_level <= 5 )
+
+ if ( ! current_user_can('edit_files') )
 die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
 if ( strstr( $file, 'wp-config.php' ) )
@@ -151,4 +151,4 @@ break;
 }
 include("admin-footer.php");
-?>
+?>
\ No newline at end of file
diff --git a/wp-inst/wp-admin/upgrade-functions.php b/wp-inst/wp-admin/upgrade-functions.php
index 06fe3d2..cc758d2 100644
--- a/wp-inst/wp-admin/upgrade-functions.php
+++ b/wp-inst/wp-admin/upgrade-functions.php
@@ -254,6 +254,14 @@ function upgrade_160() {
 $id = $wpdb->escape( $id );
 $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
 endif;
+
+ // FIXME: Temporary code to reset roles and caps if flag is set.
+ if ( defined('RESET_CAPS') ) {
+ $level = get_usermeta($user->ID, $table_prefix . 'user_level');
+ $role = translate_level_to_role($level);
+ update_usermeta( $user->ID, $table_prefix . 'capabilities', array($role => true) );
+ }
+
 endforeach;
 $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
 $wpdb->hide_errors();
diff --git a/wp-inst/wp-admin/upgrade-schema.php b/wp-inst/wp-admin/upgrade-schema.php
index a7905c1..f338952 100644
--- a/wp-inst/wp-admin/upgrade-schema.php
+++ b/wp-inst/wp-admin/upgrade-schema.php
@@ -276,6 +276,7 @@ function populate_roles() {
 'edit_published_posts' => true,
 'publish_posts' => true,
 'edit_pages' => true,
+ 'moderate_comments' => true,
 'manage_categories' => true,
 'manage_links' => true,
 'upload_files' => true,
@@ -308,9 +309,10 @@ function populate_roles() {
 'edit_published_posts' => true,
 'publish_posts' => true,
 'edit_pages' => true,
+ 'moderate_comments' => true,
 'manage_categories' => true,
 'manage_links' => true,
- 'upload_images' => true,
+ 'upload_files' => true,
 'read' => true,
 'level_7' => true,
 'level_6' => true,
@@ -327,7 +329,7 @@ function populate_roles() {
 'capabilities' => array(
 'edit_posts' => true,
 'publish_posts' => true,
- 'upload_images' => true,
+ 'upload_files' => true,
 'read' => true,
 'level_2' => true,
 'level_1' => true,
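Review bot: The RESET_CAPS block added to upgrade_160() builds both meta keys from `$table_prefix`, but the function header is outside the hunk and no `global $table_prefix` is visible in it; if the function does not import it, the keys collapse to bare `user_level` and `capabilities` and the reset reads and writes rows that no other code looks at. Worth confirming against the start of upgrade_160(), or adding `global $table_prefix;` beside the existing globals if it is missing. The block also relies on get_usermeta() returning the bare value, a contract this same commit changes in functions.php, so the FIXME should say which get_usermeta() shape it expects before the "temporary" code is forgotten.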
@@ -354,7 +356,10 @@ function populate_roles() {
 array('name' => __('Inactive'), 'capabilities' => array())
 );
-
- add_option($table_prefix . 'user_roles', $roles);
+ // FIXME: Temporary code to reset roles and caps if flag is set.
+ if ( defined('RESET_CAPS') )
+ update_option($table_prefix . 'user_roles', $roles);
+ else
+ add_option($table_prefix . 'user_roles', $roles);
 }
 ?>
diff --git a/wp-inst/wp-admin/upload.php b/wp-inst/wp-admin/upload.php
index 61c8f21..5e69388 100644
--- a/wp-inst/wp-admin/upload.php
+++ b/wp-inst/wp-admin/upload.php
@@ -5,13 +5,10 @@ $title = 'Upload Image or File';
 require_once('admin-header.php');
-if ($user_level == 0) //Checks to see if user has logged in
- die (__("Cheatin' uh ?"));
-
 if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
 die (__("The admin disabled this function"));
-if ( !get_settings('fileupload_minlevel') )
+if ( ! current_user_can('upload_files') )
 die (__("You are not allowed to upload files"));
 $allowed_types = explode(' ', "jpg jpeg png gif");
diff --git a/wp-inst/wp-includes/classes.php b/wp-inst/wp-includes/classes.php
index ca4c082..94f3e52 100644
--- a/wp-inst/wp-includes/classes.php
+++ b/wp-inst/wp-includes/classes.php
@@ -9,6 +9,7 @@ class WP_Query {
 var $posts;
 var $post_count = 0;
 var $current_post = -1;
+ var $in_the_loop = false;
 var $post;
 var $is_single = false;
@@ -55,6 +56,7 @@ class WP_Query {
 unset($this->queried_object_id);
 $this->post_count = 0;
 $this->current_post = -1;
+ $this->in_the_loop = false;
 }
 // Reparse the query vars.
@@ -593,6 +595,7 @@ class WP_Query {
 function the_post() {
 global $post;
+ $this->in_the_loop = true;
 $post = $this->next_post();
 setup_postdata($post);
 }
@@ -600,8 +603,12 @@ class WP_Query {
 function have_posts() {
 if ($this->current_post + 1 < $this->post_count) {
 return true;
+ } elseif ($this->current_post + 1 == $this->post_count) {
+ // Do some cleaning up after the loop
+ $this->rewind_posts();
 }
+ $this->in_the_loop = false;
 return false;
 }
diff --git a/wp-inst/wp-includes/functions.php b/wp-inst/wp-includes/functions.php
index 7afec8c..2d5a788 100644
--- a/wp-inst/wp-includes/functions.php
+++ b/wp-inst/wp-includes/functions.php
@@ -327,21 +327,23 @@ function get_alloptions() {
 function update_option($option_name, $newvalue) {
 global $wpdb, $cache_settings;
- if ( is_array($newvalue) || is_object($newvalue) )
- $newvalue = serialize($newvalue);
- $newvalue = trim($newvalue); // I can't think of any situation we wouldn't want to trim
+ if ( is_string($newvalue) )
+ $newvalue = trim($newvalue);
+
+ // If the new and old values are the same, no need to update.
+ if ( $newvalue == get_option($option_name) )
+ return true;
- // If the new and old values are the same, no need to update.
- if ($newvalue == get_option($option_name)) {
- return true;
- }
+ if ( is_array($newvalue) || is_object($newvalue) )
+ $newvalue = serialize($newvalue);
 // If it's not there add it
 if ( !$wpdb->get_var("SELECT option_name FROM $wpdb->options WHERE option_name = '$option_name'") )
 add_option($option_name);
 $newvalue = $wpdb->escape($newvalue);
+ $option_name = $wpdb->escape( $option_name );
 $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
 $cache_settings = get_alloptions(); // Re cache settings
 return true;
@@ -1412,6 +1414,12 @@ function is_paged () {
 return $wp_query->is_paged;
 }
+function in_the_loop() {
+ global $wp_query;
+
+ return $wp_query->in_the_loop;
+}
+
 function get_query_var($var) {
 global $wp_query;
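Review bot: In update_option() the new `$option_name = $wpdb->escape( $option_name );` line comes after `$option_name` has already been interpolated unescaped into the existence check (`SELECT option_name ... WHERE option_name = '$option_name'`) and handed to `add_option($option_name)`, so only the final UPDATE benefits from it. Move the escape above the `// If it's not there add it` comment so all three uses see the same escaped name; whether add_option() escapes on its own is not visible here, so a short comment on that line stating the expectation would help. The loose `==` in the early return is unchanged from the old code and is fine for the array case, but note it still treats a missing option (`get_option` returning null/false) as equal to `''`, which skips the insert for an empty string.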
@@ -1944,21 +1952,23 @@ function get_usermeta( $user_id, $meta_key = '') {
 if ( !empty($meta_key) ) {
 $meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
- $metas = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+ $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
 } else {
- $metas = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+ $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
 }
 foreach ($metas as $index => $meta) {
- @ $value = unserialize($meta->meta_key);
- if ($value !== FALSE)
- $metas[$index]->meta_key = $value;
+ @ $value = unserialize($meta->meta_value);
+ if ($value === FALSE)
+ $value = $meta->meta_value;
+
+ $values[] = $value;
 }
- if ( !empty($meta_key) )
- return $metas[0];
+ if ( count($values) == 1 )
+ return $values[0];
 else
- return $values;
+ return $values;
 }
 function update_usermeta( $user_id, $meta_key, $meta_value ) {
diff --git a/wp-inst/wp-settings.php b/wp-inst/wp-settings.php
index 2869b83..3dfd280 100644
--- a/wp-inst/wp-settings.php
+++ b/wp-inst/wp-settings.php
@@ -190,14 +190,6 @@ if ( defined('WP_CACHE') && function_exists('wp_cache_postload') )
 do_action('plugins_loaded');
-define('TEMPLATEPATH', get_template_directory());
-
-// Load the default text localization domain.
-load_default_textdomain();
-
-// Pull in locale data after loading text domain.
-require_once(ABSPATH . WPINC . '/locale.php');
-
 // If already slashed, strip.
 if ( get_magic_quotes_gpc() ) {
 $_GET = stripslashes_deep($_GET ); |
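Review bot: In get_usermeta() `$values` is never initialised, so when the query returns no rows the `foreach` body never runs, `count($values)` is evaluated on an undefined variable and the function returns null with a notice; add `$values = array();` before the loop and decide whether an empty result should be `array()` or `null`, since the RESET_CAPS caller in upgrade-functions.php feeds the result straight into `translate_level_to_role()`. The sanitiser on the context line above, `preg_replace('|a-z0-9_|i', '', $meta_key)`, deletes only the literal text `a-z0-9_` — it is not a character class — so `$meta_key` reaches the new `SELECT meta_key, meta_value ...` strings effectively unfiltered; the intended pattern is `'|[^a-z0-9_]|i'`, and `$user_id` should likewise be cast with `(int)` before being interpolated. The return shape also changes from row objects to raw values, with a single-row result unwrapped even when no key was requested, so callers outside this diff that read `->meta_value` or expect a list need checking.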