
Use the update_core, update_plugins and update_themes caps in update-core.php. fixes #15866.

git-svn-id: http://svn.automattic.com/wordpress/trunk@17048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
nacin
nacin committed Dec 18, 2010
1 parent afd6a5e commit 453fd478a134667c40316c23461664af6892de48
Showing with 18 additions and 5 deletions.
  1. +1 −1 wp-admin/menu.php
  2. +1 −1 wp-admin/network/menu.php
  3. +16 −3 wp-admin/update-core.php
@@ -51,7 +51,7 @@
$update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : '';
- $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'install_plugins', 'update-core.php');
+ $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'update_core', 'update-core.php');
unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress);
}
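Review bot: The badge on the Updates entry still interpolates a combined `$update_count` and `$update_title`, and the `unset()` on the next line suggests both are built from plugin, theme and core counts above the hunk. A user who passes the new `update_core` check but lacks `update_plugins` or `update_themes` may therefore see a count and title that include items update-core.php now hides from them. If that is the case, each count should be gated where it is computed, for example adding the plugin count only when `current_user_can( 'update_plugins' )`. The same applies to the `$menu[30]` entry in wp-admin/network/menu.php. The counting code is outside the hunk, so this needs confirming against the full file.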
@@ -61,7 +61,7 @@
$update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : '';
$menu[30] = array(sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'manage_network', 'upgrade.php', '', 'menu-top menu-icon-tools', 'menu-update', 'div');
-$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'install_plugins', 'update-core.php' );
+$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'update_core', 'update-core.php' );
$submenu[ 'upgrade.php' ][15] = array( __( 'Update Network' ), 'manage_network', 'upgrade.php' );
unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress);
@@ -14,7 +14,7 @@
exit();
}
-if ( ! current_user_can( 'update_plugins' ) )
+if ( ! current_user_can( 'update_core' ) )
wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
function list_core_update( $update ) {
@@ -164,8 +164,10 @@ function core_upgrade_preamble() {
echo '<p>' . __( 'While your site is being updated, it will be in maintenance mode. As soon as your updates are complete, your site will return to normal.' ) . '</p>';
dismissed_updates();
- list_plugin_updates();
- list_theme_updates();
+ if ( current_user_can( 'update_plugins' ) )
+ list_plugin_updates();
+ if ( current_user_can( 'update_themes' ) )
+ list_theme_updates();
do_action('core_upgrade_preamble');
echo '</div>';
}
@@ -406,9 +408,11 @@ function no_update_actions($actions) {
);
if ( 'upgrade-core' == $action ) {
+
wp_version_check();
require_once(ABSPATH . 'wp-admin/admin-header.php');
core_upgrade_preamble();
+
} elseif ( 'do-core-upgrade' == $action || 'do-core-reinstall' == $action ) {
check_admin_referer('upgrade-core');
@@ -429,6 +433,10 @@ function no_update_actions($actions) {
do_core_upgrade($reinstall);
} elseif ( 'do-plugin-upgrade' == $action ) {
+
+ if ( ! current_user_can( 'update_plugins' ) )
+ wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
+
check_admin_referer('upgrade-core');
if ( isset( $_GET['plugins'] ) ) {
@@ -451,7 +459,12 @@ function no_update_actions($actions) {
echo '<h2>' . esc_html__('Update Plugins') . '</h2>';
echo "<iframe src='$url' style='width: 100%; height: 100%; min-height: 750px;' frameborder='0'></iframe>";
echo '</div>';
+
} elseif ( 'do-theme-upgrade' == $action ) {
+
+ if ( ! current_user_can( 'update_themes' ) )
+ wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
+
check_admin_referer('upgrade-core');
if ( isset( $_GET['themes'] ) ) {
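Review bot: The `do-core-upgrade` / `do-core-reinstall` branch is the only state-changing branch shown without its own capability check. It relies on the file-level `current_user_can( 'update_core' )` gate near the top, while the plugin and theme branches now check `update_plugins` and `update_themes` before `check_admin_referer()`. Adding `if ( ! current_user_can( 'update_core' ) ) wp_die( __( 'You do not have sufficient permissions to update this site.' ) );` at the start of that branch keeps the three branches parallel and keeps core updates protected if the top gate is ever relaxed. As written, a user holding only `update_plugins` or `update_themes` is stopped at the top gate and never reaches the new per-action checks. If those capabilities are meant to work on their own, the gate would have to accept any of the three, and only together with the explicit core check. The action dispatch begins and continues outside the visible hunks.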
