Add current_user_can() checks to link.php. Props DD32. fixes #4627

git-svn-id: http://svn.automattic.com/wordpress/trunk@6255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-10-16 16:09:01 +00:00
parent 9c6dc8f1be
commit 2762527a1e
1 changed files with 8 additions and 19 deletions

View File

@ -3,6 +3,9 @@ require_once ('admin.php');
wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]')); wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
if ( ! current_user_can('manage_links') )
wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
if ('' != $_POST['deletebookmarks']) if ('' != $_POST['deletebookmarks'])
$action = 'deletebookmarks'; $action = 'deletebookmarks';
if ('' != $_POST['move']) if ('' != $_POST['move'])
@ -16,10 +19,6 @@ switch ($action) {
case 'deletebookmarks' : case 'deletebookmarks' :
check_admin_referer('bulk-bookmarks'); check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value //for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) { if (count($linkcheck) == 0) {
wp_redirect($this_file); wp_redirect($this_file);
@ -41,10 +40,6 @@ switch ($action) {
case 'move' : case 'move' :
check_admin_referer('bulk-bookmarks'); check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value //for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) { if (count($linkcheck) == 0) {
wp_redirect($this_file); wp_redirect($this_file);
@ -81,9 +76,6 @@ switch ($action) {
$link_id = (int) $_GET['link_id']; $link_id = (int) $_GET['link_id'];
check_admin_referer('delete-bookmark_' . $link_id); check_admin_referer('delete-bookmark_' . $link_id);
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
wp_delete_link($link_id); wp_delete_link($link_id);
wp_redirect($this_file); wp_redirect($this_file);
@ -97,21 +89,18 @@ switch ($action) {
$parent_file = 'link-manager.php'; $parent_file = 'link-manager.php';
$submenu_file = 'link-manager.php'; $submenu_file = 'link-manager.php';
$title = __('Edit Link'); $title = __('Edit Link');
include_once ('admin-header.php');
if (!current_user_can('manage_links'))
wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
$link_id = (int) $_GET['link_id']; $link_id = (int) $_GET['link_id'];
if (!$link = get_link_to_edit($link_id)) if (!$link = get_link_to_edit($link_id))
wp_die(__('Link not found.')); wp_die(__('Link not found.'));
include_once ('admin-header.php');
include ('edit-link-form.php'); include ('edit-link-form.php');
include ('admin-footer.php');
break; break;
default : default :
break; break;
} }
include ('admin-footer.php');
?> ?>