Introduce DISALLOW_FILE_MOD for disabling all ops that modify core, theme, or plugins files. see #13000

git-svn-id: http://svn.automattic.com/wordpress/trunk@14088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-04-14 17:22:11 +00:00
parent 5e923222fa
commit c4a677dea9
1 changed files with 8 additions and 1 deletions

View File

@ -993,7 +993,6 @@ function map_meta_cap( $cap, $user_id ) {
break; break;
} }
// Fall through if not DISALLOW_FILE_EDIT. // Fall through if not DISALLOW_FILE_EDIT.
case 'unfiltered_html':
case 'update_plugins': case 'update_plugins':
case 'delete_plugins': case 'delete_plugins':
case 'install_plugins': case 'install_plugins':
@ -1001,6 +1000,14 @@ function map_meta_cap( $cap, $user_id ) {
case 'delete_themes': case 'delete_themes':
case 'install_themes': case 'install_themes':
case 'update_core': case 'update_core':
// Disallow anything that creates, deletes, or edits core, plugin, or theme files.
// Files in uploads are excepted.
if ( defined('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ) {
$caps[] = 'do_not_allow';
break;
}
// Fall through if not DISALLOW_FILE_MODS.
case 'unfiltered_html':
case 'delete_user': case 'delete_user':
case 'delete_users': case 'delete_users':
// If multisite these caps are allowed only for super admins. // If multisite these caps are allowed only for super admins.