Introduce WP_List_Table::check_permissions() and WP_List_Table::prepare_items(). Fixes #14596; See #14579

git-svn-id: http://svn.automattic.com/wordpress/trunk@15496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
scribu 2010-08-12 23:21:05 +00:00
parent 17cc67eb45
commit c6056827ed
16 changed files with 271 additions and 170 deletions


@ -558,7 +558,7 @@ case 'add-tag' :
set_current_screen($_POST['screen']); set_current_screen($_POST['screen']);
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Terms_Table( 'ajax' ); $table = new WP_Terms_Table();
$level = 0; $level = 0;
$tag_full_name = false; $tag_full_name = false;
@ -626,7 +626,7 @@ case 'add-comment' :
die('-1'); die('-1');
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Comments_Table( 'ajax' ); $table = new WP_Comments_Table();
global $comments; global $comments;
@ -659,7 +659,7 @@ case 'get-comments' :
die('-1'); die('-1');
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Comments_Table( 'ajax' ); $table = new WP_Comments_Table();
global $comments; global $comments;
@ -685,7 +685,7 @@ case 'replyto-comment' :
check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Comments_Table( 'ajax' ); $table = new WP_Comments_Table();
$comment_post_ID = (int) $_POST['comment_post_ID']; $comment_post_ID = (int) $_POST['comment_post_ID'];
if ( !current_user_can( 'edit_post', $comment_post_ID ) ) if ( !current_user_can( 'edit_post', $comment_post_ID ) )
@ -776,7 +776,7 @@ case 'edit-comment' :
add_filter( 'comment_author', 'floated_admin_avatar' ); add_filter( 'comment_author', 'floated_admin_avatar' );
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Comments_Table( 'ajax' ); $table = new WP_Comments_Table();
ob_start(); ob_start();
$table->single_row( $comment_id, $mode, $comments_listing, $checkbox ); $table->single_row( $comment_id, $mode, $comments_listing, $checkbox );
@ -925,7 +925,7 @@ case 'add-user' :
$user_object = new WP_User( $user_id ); $user_object = new WP_User( $user_id );
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Users_Table( 'ajax' ); $table = new WP_Users_Table();
$x = new WP_Ajax_Response( array( $x = new WP_Ajax_Response( array(
'what' => 'user', 'what' => 'user',
@ -1218,7 +1218,7 @@ case 'inline-save':
edit_post(); edit_post();
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Posts_Table( 'ajax' ); $table = new WP_Posts_Table();
$mode = $_POST['post_view']; $mode = $_POST['post_view'];
$table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); $table->display_rows( array( get_post( $_POST['post_ID'] ) ) );
@ -1228,19 +1228,14 @@ case 'inline-save':
case 'inline-save-tax': case 'inline-save-tax':
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false; require_once( './includes/default-list-tables.php' );
if ( ! $taxonomy ) $table = new WP_Terms_Table();
die( __('Cheatin’ uh?') );
$tax = get_taxonomy($taxonomy);
if ( ! current_user_can( $tax->cap->edit_terms ) ) $table->check_permissions('edit');
die( __('Cheatin’ uh?') );
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
die(-1); die(-1);
$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
$tag = get_term( $id, $taxonomy ); $tag = get_term( $id, $taxonomy );
$_POST['description'] = $tag->description; $_POST['description'] = $tag->description;
@ -1253,11 +1248,6 @@ case 'inline-save-tax':
die( __('Item not updated.') ); die( __('Item not updated.') );
} }
set_current_screen( 'edit-' . $taxonomy );
require_once( './includes/default-list-tables.php' );
$table = new WP_Terms_Table( 'ajax' );
echo $table->single_row( $tag, 0, $taxonomy ); echo $table->single_row( $tag, 0, $taxonomy );
} else { } else {
if ( is_wp_error($updated) && $updated->get_error_message() ) if ( is_wp_error($updated) && $updated->get_error_message() )
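Review bot: In the `inline-save-tax` hunk the handler now delegates to `$table->check_permissions('edit')`, but `WP_Terms_Table::check_permissions()` as introduced in this same commit tests `$tax->cap->manage_terms` regardless of its `$type` argument, so this handler now demands `manage_terms` where the removed inline check demanded `edit_terms`, and a user holding only `edit_terms` (for whom `edit-tags.php` still enqueues `inline-edit-tax`) gets `-1`. A second behaviour change: a missing `taxonomy` POST field used to die with Cheatin’, whereas the table constructor now defaults it to `post_tag` via `wp_reset_vars()`, and an unregistered name still reaches `$tax->cap` without `get_taxonomy()`'s `false` being handled. Until the table method honours its argument I would keep the explicit check here: `$tax = get_taxonomy( $taxonomy ); if ( ! $tax || ! current_user_can( $tax->cap->edit_terms ) ) die('-1');`. The `inline-save-tax` case continues past the end of the hunk.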


@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( !current_user_can('edit_posts') ) require_once( './includes/default-list-tables.php' );
wp_die(__('Cheatin’ uh?'));
$table = new WP_Comments_Table;
$table->check_permissions();
if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset( $_REQUEST['delete_all'] ) || isset( $_REQUEST['delete_all2'] ) ) { if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset( $_REQUEST['delete_all'] ) || isset( $_REQUEST['delete_all2'] ) ) {
check_admin_referer( 'bulk-comments' ); check_admin_referer( 'bulk-comments' );
@ -95,9 +97,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset
exit; exit;
} }
require_once( './includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Comments_Table;
wp_enqueue_script('admin-comments'); wp_enqueue_script('admin-comments');
enqueue_comment_hotkeys_js(); enqueue_comment_hotkeys_js();


@ -12,6 +12,7 @@ require_once('./admin.php');
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Terms_Table; $table = new WP_Terms_Table;
$table->check_permissions();
$title = $tax->labels->name; $title = $tax->labels->name;
@ -151,6 +152,8 @@ if ( ! empty($_REQUEST['_wp_http_referer']) ) {
exit; exit;
} }
$table->prepare_items();
wp_enqueue_script('admin-tags'); wp_enqueue_script('admin-tags');
if ( current_user_can($tax->cap->edit_terms) ) if ( current_user_can($tax->cap->edit_terms) )
wp_enqueue_script('inline-edit-tax'); wp_enqueue_script('inline-edit-tax');


@ -12,6 +12,7 @@ require_once( './admin.php' );
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Posts_Table; $table = new WP_Posts_Table;
$table->check_permissions();
// Back-compat for viewing comments of an entry // Back-compat for viewing comments of an entry
if ( $_redirect = intval( max( @$_REQUEST['p'], @$_REQUEST['attachment_id'], @$_REQUEST['page_id'] ) ) ) { if ( $_redirect = intval( max( @$_REQUEST['p'], @$_REQUEST['attachment_id'], @$_REQUEST['page_id'] ) ) ) {
@ -118,6 +119,8 @@ if ( 'post' != $post_type ) {
$post_new_file = 'post-new.php'; $post_new_file = 'post-new.php';
} }
$table->prepare_items();
wp_enqueue_script('inline-edit-post'); wp_enqueue_script('inline-edit-post');
$title = $post_type_object->labels->name; $title = $post_type_object->labels->name;


@ -22,8 +22,8 @@ class WP_Posts_Table extends WP_List_Table {
*/ */
var $_hierarchical_display; var $_hierarchical_display;
function WP_Posts_Table( $context = 'normal' ) { function WP_Posts_Table() {
global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode, $current_screen; global $post_type_object, $post_type, $current_screen;
if ( !isset( $_REQUEST['post_type'] ) ) if ( !isset( $_REQUEST['post_type'] ) )
$post_type = 'post'; $post_type = 'post';
@ -35,16 +35,21 @@ class WP_Posts_Table extends WP_List_Table {
$post_type_object = get_post_type_object( $post_type ); $post_type_object = get_post_type_object( $post_type );
if ( !current_user_can( $post_type_object->cap->edit_posts ) )
wp_die( __( 'Cheatin’ uh?' ) );
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => $current_screen, 'screen' => $current_screen,
'plural' => 'posts', 'plural' => 'posts',
) ); ) );
}
if ( 'normal' != $context ) function check_permissions() {
return; global $post_type_object;
if ( !current_user_can( $post_type_object->cap->edit_posts ) )
wp_die( __( 'Cheatin’ uh?' ) );
}
function prepare_items() {
global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode;
$avail_post_stati = wp_edit_posts_query(); $avail_post_stati = wp_edit_posts_query();
@ -1072,34 +1077,24 @@ class WP_Posts_Table extends WP_List_Table {
class WP_Media_Table extends WP_List_Table { class WP_Media_Table extends WP_List_Table {
function WP_Media_Table( $context = 'normal' ) { function WP_Media_Table() {
global $wpdb, $wp_query, $detached, $post_mime_types, $avail_post_mime_types; global $detached;
if ( isset( $_REQUEST['find_detached'] ) ) { $detached = isset( $_REQUEST['detached'] ) || isset( $_REQUEST['find_detached'] );
if ( !current_user_can( 'edit_posts' ) )
wp_die( __( 'You are not allowed to scan for lost attachments.' ) );
$lost = $wpdb->get_col( "
SELECT ID FROM $wpdb->posts
WHERE post_type = 'attachment' AND post_parent > '0'
AND post_parent NOT IN (
SELECT ID FROM $wpdb->posts
WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
)
" );
$_REQUEST['detached'] = 1;
}
$detached = isset( $_REQUEST['detached'] );
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => $detached ? 'upload-detached' : 'upload', 'screen' => $detached ? 'upload-detached' : 'upload',
'plural' => 'media' 'plural' => 'media'
) ); ) );
}
if ( 'normal' != $context ) function check_permissions() {
return; if ( !current_user_can('upload_files') )
wp_die( __( 'You do not have permission to upload files.' ) );
}
function prepare_items() {
global $lost, $wpdb, $wp_query, $post_mime_types, $avail_post_mime_types;
$q = $_REQUEST; $q = $_REQUEST;
@ -1357,7 +1352,7 @@ foreach ( $columns as $column_name => $column_display_name ) {
<?php <?php
} else { } else {
?> ?>
<td <?php echo $attributes ?>><?php _e( '( Unattached )' ); ?><br /> <td <?php echo $attributes ?>><?php _e( '(Unattached)' ); ?><br />
<a class="hide-if-no-js" onclick="findPosts.open( 'media[]','<?php echo $post->ID ?>' );return false;" href="#the-list"><?php _e( 'Attach' ); ?></a></td> <a class="hide-if-no-js" onclick="findPosts.open( 'media[]','<?php echo $post->ID ?>' );return false;" href="#the-list"><?php _e( 'Attach' ); ?></a></td>
<?php <?php
} }
@ -1502,19 +1497,10 @@ class WP_Terms_Table extends WP_List_Table {
var $callback_args; var $callback_args;
function WP_Terms_Table( $context = 'normal' ) { function WP_Terms_Table() {
global $post_type, $taxonomy, $tax, $current_screen; global $post_type, $taxonomy, $tax, $current_screen;
parent::WP_List_Table( array( wp_reset_vars( array( 'action', 'taxonomy', 'post_type' ) );
'screen' => $current_screen,
'plural' => 'tags',
'singular' => 'tag',
) );
if ( 'normal' != $context )
return;
wp_reset_vars( array( 'action', 'tag', 'taxonomy', 'post_type' ) );
if ( empty( $taxonomy ) ) if ( empty( $taxonomy ) )
$taxonomy = 'post_tag'; $taxonomy = 'post_tag';
@ -1524,12 +1510,31 @@ class WP_Terms_Table extends WP_List_Table {
$tax = get_taxonomy( $taxonomy ); $tax = get_taxonomy( $taxonomy );
if ( ! current_user_can( $tax->cap->manage_terms ) )
wp_die( __( 'Cheatin&#8217; uh?' ) );
if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) ) if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) )
$post_type = 'post'; $post_type = 'post';
if ( !isset( $current_screen ) )
set_current_screen( 'edit-' . $taxonomy );
parent::WP_List_Table( array(
'screen' => $current_screen,
'plural' => 'tags',
'singular' => 'tag',
) );
}
function check_permissions( $type = 'manage' ) {
global $tax;
$cap = 'manage' == $type ? $tax->cap->manage_terms : $tax->cap->edit_terms;
if ( !current_user_can( $tax->cap->manage_terms ) )
wp_die( __( 'Cheatin&#8217; uh?' ) );
}
function prepare_items() {
global $taxonomy;
$tags_per_page = (int) get_user_option( 'edit_' . $taxonomy . '_per_page' ); $tags_per_page = (int) get_user_option( 'edit_' . $taxonomy . '_per_page' );
if ( empty( $tags_per_page ) || $tags_per_page < 1 ) if ( empty( $tags_per_page ) || $tags_per_page < 1 )
@ -1851,17 +1856,21 @@ class WP_Terms_Table extends WP_List_Table {
class WP_Users_Table extends WP_List_Table { class WP_Users_Table extends WP_List_Table {
function WP_Users_Table( $context = 'normal' ) { function WP_Users_Table() {
global $role, $usersearch; global $role, $usersearch;
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'users', 'screen' => 'users',
'plural' => 'users' 'plural' => 'users'
) ); ) );
}
if ( 'normal' != $context ) function check_permissions() {
return; if ( !current_user_can('list_users') )
wp_die(__('Cheatin&#8217; uh?'));
}
function prepare_items() {
$usersearch = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : ''; $usersearch = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : '';
$role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : ''; $role = isset( $_REQUEST['role'] ) ? $_REQUEST['role'] : '';
@ -2089,21 +2098,25 @@ class WP_Users_Table extends WP_List_Table {
class WP_Comments_Table extends WP_List_Table { class WP_Comments_Table extends WP_List_Table {
function WP_Comments_Table( $context = 'normal' ) { function WP_Comments_Table() {
global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'edit-comments', 'screen' => 'edit-comments',
'plural' => 'comments' 'plural' => 'comments'
) ); ) );
}
if ( 'normal' != $context ) function check_permissions() {
return; if ( !current_user_can('edit_posts') )
wp_die(__('Cheatin&#8217; uh?'));
}
function prepare_items() {
global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
$post_id = isset( $_REQUEST['post_ID'] ) ? absint( $_REQUEST['post_ID'] ) : 0; $post_id = isset( $_REQUEST['post_ID'] ) ? absint( $_REQUEST['post_ID'] ) : 0;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
$comment_status = isset( $_REQUEST['comment_status'] ) ? $_REQUEST['comment_status'] : 'all'; $comment_status = isset( $_REQUEST['comment_status'] ) ? $_REQUEST['comment_status'] : 'all';
if ( !in_array( $comment_status, array( 'all', 'moderated', 'approved', 'spam', 'trash' ) ) ) if ( !in_array( $comment_status, array( 'all', 'moderated', 'approved', 'spam', 'trash' ) ) )
$comment_status = 'all'; $comment_status = 'all';
@ -2508,6 +2521,18 @@ class WP_Comments_Table extends WP_List_Table {
class WP_Links_Table extends WP_List_Table { class WP_Links_Table extends WP_List_Table {
function WP_Links_Table() { function WP_Links_Table() {
parent::WP_List_Table( array(
'screen' => 'link-manager',
'plural' => 'bookmarks',
) );
}
function check_permissions() {
if ( ! current_user_can( 'manage_links' ) )
wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
}
function prepare_items() {
global $cat_id, $s, $orderby, $order; global $cat_id, $s, $orderby, $order;
wp_reset_vars( array( 'action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'orderby', 'order', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]', 's' ) ); wp_reset_vars( array( 'action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'orderby', 'order', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]', 's' ) );
@ -2524,12 +2549,7 @@ class WP_Links_Table extends WP_List_Table {
$args['order'] = $order; $args['order'] = $order;
$this->items = get_bookmarks( $args ); $this->items = get_bookmarks( $args );
}
parent::WP_List_Table( array(
'screen' => 'link-manager',
'plural' => 'bookmarks',
) );
}
function no_items() { function no_items() {
_e( 'No links found.' ); _e( 'No links found.' );
@ -2690,15 +2710,22 @@ class WP_Links_Table extends WP_List_Table {
class WP_Sites_Table extends WP_List_Table { class WP_Sites_Table extends WP_List_Table {
function WP_Sites_Table() { function WP_Sites_Table() {
parent::WP_List_Table( array(
'screen' => 'ms-sites',
'plural' => 'sites',
) );
}
function check_permissions() {
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
}
function prepare_items() {
global $s, $mode, $wpdb; global $s, $mode, $wpdb;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode']; $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
parent::WP_List_Table( array(
'callback' => 'site_rows',
'screen' => 'ms-sites',
) );
$pagenum = $this->get_pagenum(); $pagenum = $this->get_pagenum();
$per_page = (int) get_user_option( 'ms_sites_per_page' ); $per_page = (int) get_user_option( 'ms_sites_per_page' );
@ -2978,13 +3005,23 @@ class WP_Sites_Table extends WP_List_Table {
class WP_MS_Users_Table extends WP_List_Table { class WP_MS_Users_Table extends WP_List_Table {
function WP_MS_Users_Table() { function WP_MS_Users_Table() {
global $s, $mode, $wpdb;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'ms-users', 'screen' => 'ms-users',
) ); ) );
}
function check_permissions() {
if ( !is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
}
function prepare_items() {
global $s, $mode, $wpdb;
$mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
$pagenum = $this->get_pagenum(); $pagenum = $this->get_pagenum();
@ -3201,24 +3238,31 @@ class WP_MS_Users_Table extends WP_List_Table {
class WP_Plugins_Table extends WP_List_Table { class WP_Plugins_Table extends WP_List_Table {
function WP_Plugins_Table() { function WP_Plugins_Table() {
global $status, $plugins, $totals, $page, $orderby, $order, $s;
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'plugins', 'screen' => 'plugins',
'plural' => 'plugins', 'plural' => 'plugins',
) ); ) );
}
function check_permissions() {
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) ) {
if ( !is_super_admin() )
wp_die( __( 'Cheatin&#8217; uh?' ) );
}
}
if ( !current_user_can('activate_plugins') )
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
}
function prepare_items() {
global $status, $plugins, $totals, $page, $orderby, $order, $s;
wp_reset_vars( array( 'orderby', 'order', 's' ) ); wp_reset_vars( array( 'orderby', 'order', 's' ) );
$default_status = get_user_option( 'plugins_last_view' );
if ( empty( $default_status ) )
$default_status = 'all';
$status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status;
if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) )
$status = 'all';
if ( $status != $default_status && 'search' != $status )
update_user_meta( get_current_user_id(), 'plugins_last_view', $status );
$page = $this->get_pagenum(); $page = $this->get_pagenum();
$plugins = array( $plugins = array(
@ -3538,13 +3582,20 @@ class WP_Plugins_Table extends WP_List_Table {
class WP_Plugin_Install_Table extends WP_List_Table { class WP_Plugin_Install_Table extends WP_List_Table {
function WP_Plugin_Install_Table() { function WP_Plugin_Install_Table() {
include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
global $tabs, $tab, $paged, $type, $term;
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'plugin-install', 'screen' => 'plugin-install',
) ); ) );
}
function check_permissions() {
if ( ! current_user_can('install_plugins') )
wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
}
function prepare_items() {
include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
global $tabs, $tab, $paged, $type, $term;
wp_reset_vars( array( 'tab' ) ); wp_reset_vars( array( 'tab' ) );
@ -3743,6 +3794,17 @@ class WP_Plugin_Install_Table extends WP_List_Table {
class WP_Themes_Table extends WP_List_Table { class WP_Themes_Table extends WP_List_Table {
function WP_Themes_Table() { function WP_Themes_Table() {
parent::__construct( array(
'screen' => 'themes',
) );
}
function check_permissions() {
if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
wp_die( __( 'Cheatin&#8217; uh?' ) );
}
function prepare_items() {
global $ct; global $ct;
$ct = current_theme_info(); $ct = current_theme_info();
@ -3758,10 +3820,6 @@ class WP_Themes_Table extends WP_List_Table {
$this->items = array_slice( $themes, $start, $per_page ); $this->items = array_slice( $themes, $start, $per_page );
parent::__construct( array(
'screen' => 'themes',
) );
$this->set_pagination_args( array( $this->set_pagination_args( array(
'query_var' => 'pagenum', 'query_var' => 'pagenum',
'total_items' => count( $themes ), 'total_items' => count( $themes ),
@ -3885,14 +3943,21 @@ foreach ( $cols as $col => $theme_name ) {
class WP_Theme_Install_Table extends WP_List_Table { class WP_Theme_Install_Table extends WP_List_Table {
function WP_Theme_Install_Table() { function WP_Theme_Install_Table() {
include( ABSPATH . 'wp-admin/includes/theme-install.php' );
global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
parent::WP_List_Table( array( parent::WP_List_Table( array(
'screen' => 'theme-install', 'screen' => 'theme-install',
) ); ) );
}
function check_permissions() {
if ( ! current_user_can('install_themes') )
wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
}
function prepare_items() {
include( ABSPATH . 'wp-admin/includes/theme-install.php' );
global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
wp_reset_vars( array( 'tab' ) ); wp_reset_vars( array( 'tab' ) );
$paged = $this->get_pagenum(); $paged = $this->get_pagenum();
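Review bot: `WP_Terms_Table::check_permissions()` computes `$cap` from `$type` and then never uses it, testing `$tax->cap->manage_terms` unconditionally, so the `'edit'` variant that the new ajax `inline-save-tax` path calls is a no-op and users with only `edit_terms` are rejected; the condition should read `if ( !current_user_can( $cap ) )`. In the same class `$tax` is whatever `get_taxonomy()` returned in the constructor and is never checked for `false` before `->cap` is dereferenced, so an unregistered `taxonomy` request value yields a PHP notice and an uninitialised capability rather than a clean denial; a `if ( ! $tax ) wp_die( __( 'Invalid taxonomy' ) );` right after the `get_taxonomy()` call would fail closed. Minor inconsistency: `WP_Sites_Table::check_permissions()` omits the `is_multisite()` guard that `WP_MS_Users_Table::check_permissions()` carries, so the two network tables do not enforce the same precondition when reached through `ajax_response()`.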


@ -93,6 +93,28 @@ class WP_List_Table {
} }
} }
/**
* Checks the current user's permissions
* @uses wp_die()
*
* @since 3.1.0
* @access public
*/
function check_permissions() {
die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
}
/**
* Prepares the list of items for displaying.
* @uses WP_List_Table::set_pagination_args()
*
* @since 3.1.0
* @access public
*/
function prepare_items() {
die( 'function WP_List_Table::prepare_items() must be over-ridden in a sub-class.' );
}
/** /**
* An internal method that sets all the necessary pagination arguments * An internal method that sets all the necessary pagination arguments
* *
@ -568,6 +590,9 @@ class WP_List_Table {
* @access public * @access public
*/ */
function ajax_response() { function ajax_response() {
$this->check_permissions();
$this->prepare_items();
extract( $this->_args ); extract( $this->_args );
extract( $this->_pagination_args ); extract( $this->_pagination_args );
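Review bot: The docblock on the new `check_permissions()` stub claims `@uses wp_die()` while the stub calls plain `die()`, and neither docblock states the contract that `ajax_response()` now depends on: an override must terminate the request when the user lacks the capability and should do so through `wp_die()` so the new `DOING_AJAX` short-circuit produces `-1` for ajax callers. I would replace the first docblock line with `* Checks the current user's permissions for this screen. Must be over-ridden; on failure the override must call wp_die() and never return, since ajax_response() relies on it to gate output.` and drop the `@uses` tag from the stub. The stub's fail-closed `die()` is the right default for a forgotten override.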


@ -9,15 +9,17 @@
/** Load WordPress Administration Bootstrap */ /** Load WordPress Administration Bootstrap */
require_once ('admin.php'); require_once ('admin.php');
require_once( './includes/default-list-tables.php' );
$table = new WP_Links_Table;
$table->check_permissions();
// Handle bulk deletes // Handle bulk deletes
if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) { if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) {
check_admin_referer( 'bulk-bookmarks' ); check_admin_referer( 'bulk-bookmarks' );
$doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2']; $doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2'];
if ( ! current_user_can( 'manage_links' ) )
wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
if ( 'delete' == $doaction ) { if ( 'delete' == $doaction ) {
$bulklinks = (array) $_REQUEST['linkcheck']; $bulklinks = (array) $_REQUEST['linkcheck'];
foreach ( $bulklinks as $link_id ) { foreach ( $bulklinks as $link_id ) {
@ -33,9 +35,7 @@ if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['linkcheck'] ) ) {
exit; exit;
} }
require_once( './includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Links_Table;
$title = __('Links'); $title = __('Links');
$this_file = $parent_file = 'link-manager.php'; $this_file = $parent_file = 'link-manager.php';


@ -12,8 +12,10 @@ require_once( './admin.php' );
if ( ! is_multisite() ) if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) ); wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_sites' ) ) require_once( '../includes/default-list-tables.php' );
wp_die( __( 'You do not have permission to access this page.' ) );
$table = new WP_Sites_Table;
$table->check_permissions();
$title = __( 'Sites' ); $title = __( 'Sites' );
$parent_file = 'sites.php'; $parent_file = 'sites.php';
@ -348,9 +350,7 @@ switch ( $action ) {
// List sites // List sites
case 'list': case 'list':
default: default:
require_once( '../includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Sites_Table;
require_once( '../admin-header.php' ); require_once( '../admin-header.php' );
?> ?>
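Review bot: `WP_Sites_Table::check_permissions()` as added in this commit tests only `manage_sites`; sites.php keeps its own `is_multisite()` guard above this hunk, but `WP_MS_Users_Table::check_permissions()` carries that guard inside the method, so a caller that reaches `WP_Sites_Table` through `ajax_response()` gets no multisite check at all. Whether `manage_sites` can ever be granted on a single site is not visible here, so the guard is cheap insurance: `if ( ! is_multisite() ) wp_die( __( 'Multisite support is not enabled.' ) );` as the first statement of the method. The `switch ( $action )` that holds the `list` case continues past the hunk.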


@ -9,11 +9,11 @@
require_once( './admin.php' ); require_once( './admin.php' );
if ( !is_multisite() ) require_once( '../includes/default-list-tables.php' );
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_users' ) ) $table = new WP_MS_Users_Table;
wp_die( __( 'You do not have permission to access this page.' ) ); $table->check_permissions();
$table->prepare_items();
$title = __( 'Users' ); $title = __( 'Users' );
$parent_file = 'users.php'; $parent_file = 'users.php';
@ -32,10 +32,6 @@ add_contextual_help($current_screen,
'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
); );
require_once( '../includes/default-list-tables.php' );
$table = new WP_MS_Users_Table;
require_once( '../admin-header.php' ); require_once( '../admin-header.php' );
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) { if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {


@ -9,12 +9,11 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( ! current_user_can('install_plugins') )
wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Plugin_Install_Table; $table = new WP_Plugin_Install_Table;
$table->check_permissions();
$table->prepare_items();
$title = __('Install Plugins'); $title = __('Install Plugins');
$parent_file = 'plugins.php'; $parent_file = 'plugins.php';


@ -8,17 +8,11 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) ) {
if ( ! is_super_admin() )
wp_die( __( 'Cheatin&#8217; uh?' ) );
}
}
if ( ! current_user_can( 'activate_plugins' ) ) require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' );
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
$table = new WP_Plugins_Table;
$table->check_permissions();
if ( isset($_POST['clear-recent-list']) ) if ( isset($_POST['clear-recent-list']) )
$action = 'clear-recent-list'; $action = 'clear-recent-list';
@ -299,9 +293,16 @@ if ( !empty($action) ) {
} }
} }
require_once( ABSPATH . 'wp-admin/includes/default-list-tables.php' ); $default_status = get_user_option( 'plugins_last_view' );
if ( empty( $default_status ) )
$default_status = 'all';
$status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status;
if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) )
$status = 'all';
if ( $status != $default_status && 'search' != $status )
update_user_meta( get_current_user_id(), 'plugins_last_view', $status );
$table = new WP_Plugins_Table; $table->prepare_items();
wp_enqueue_script('plugin-install'); wp_enqueue_script('plugin-install');
add_thickbox(); add_thickbox();


@ -9,12 +9,11 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( ! current_user_can('install_themes') )
wp_die(__('You do not have sufficient permissions to install themes on this site.'));
require_once( './includes/default-list-tables.php' ); require_once( './includes/default-list-tables.php' );
$table = new WP_Theme_Install_Table; $table = new WP_Theme_Install_Table;
$table->check_permissions();
$table->prepare_items();
$title = __('Install Themes'); $title = __('Install Themes');
$parent_file = 'themes.php'; $parent_file = 'themes.php';


@ -9,8 +9,10 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) require_once( './includes/default-list-tables.php' );
wp_die( __( 'Cheatin&#8217; uh?' ) );
$table = new WP_Themes_Table;
$table->check_permissions();
if ( current_user_can('switch_themes') && isset($_GET['action']) ) { if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
if ( 'activate' == $_GET['action'] ) { if ( 'activate' == $_GET['action'] ) {
@ -28,9 +30,7 @@ if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
} }
} }
require_once( './includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Themes_Table;
$title = __('Manage Themes'); $title = __('Manage Themes');
$parent_file = 'themes.php'; $parent_file = 'themes.php';


@ -9,11 +9,30 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once( './admin.php' ); require_once( './admin.php' );
if ( !current_user_can('upload_files') ) require_once( './includes/default-list-tables.php' );
wp_die(__('You do not have permission to upload files.'));
$table = new WP_Media_Table;
$table->check_permissions();
// Handle bulk actions // Handle bulk actions
if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) { if ( isset($_REQUEST['find_detached']) ) {
check_admin_referer('bulk-media');
if ( !current_user_can('edit_posts') )
wp_die( __('You are not allowed to scan for lost attachments.') );
$lost = $wpdb->get_col( "
SELECT ID FROM $wpdb->posts
WHERE post_type = 'attachment' AND post_parent > '0'
AND post_parent NOT IN (
SELECT ID FROM $wpdb->posts
WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
)
" );
$_REQUEST['detached'] = 1;
} elseif ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) {
check_admin_referer( 'bulk-media' ); check_admin_referer( 'bulk-media' );
$parent_id = (int) $_REQUEST['found_post_id']; $parent_id = (int) $_REQUEST['found_post_id'];
@ -111,9 +130,7 @@ if ( isset( $_REQUEST['found_post_id'] ) && isset( $_REQUEST['media'] ) ) {
exit; exit;
} }
require_once( './includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Media_Table;
$title = __('Media Library'); $title = __('Media Library');
$parent_file = 'upload.php'; $parent_file = 'upload.php';
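Review bot: The lost-attachment scan that moved into the new `find_detached` branch still builds its `NOT IN (...)` list by concatenating `get_post_types()` names straight into the SQL; these are registered names rather than request input, but since the query is string-assembled anyway, escaping them costs nothing: `join( "', '", array_map( 'esc_sql', get_post_types( array( 'public' => false ) ) ) )`. The `$_REQUEST['detached'] = 1;` assignment looks redundant now that the `WP_Media_Table` constructor already treats `find_detached` as detached, and steering later code by writing to a superglobal is easy to miss; either drop it or add `// keep: later code reads $_REQUEST['detached'] directly` so the dependency is explicit. Adding `check_admin_referer('bulk-media')` in front of the scan is a welcome tightening.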


@ -12,8 +12,10 @@ require_once( './admin.php' );
/** WordPress Registration API */ /** WordPress Registration API */
require_once( ABSPATH . WPINC . '/registration.php'); require_once( ABSPATH . WPINC . '/registration.php');
if ( !current_user_can('list_users') ) require_once( './includes/default-list-tables.php' );
wp_die(__('Cheatin&#8217; uh?'));
$table = new WP_Users_Table;
$table->check_permissions();
$title = __('Users'); $title = __('Users');
$parent_file = 'users.php'; $parent_file = 'users.php';
@ -306,9 +308,7 @@ default:
exit; exit;
} }
require_once( './includes/default-list-tables.php' ); $table->prepare_items();
$table = new WP_Users_Table;
include('./admin-header.php'); include('./admin-header.php');


@ -2656,9 +2656,12 @@ function wp_nonce_ays( $action ) {
* @param string|array $args Optional arguements to control behaviour. * @param string|array $args Optional arguements to control behaviour.
*/ */
function wp_die( $message, $title = '', $args = array() ) { function wp_die( $message, $title = '', $args = array() ) {
if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
die('-1');
if ( function_exists( 'apply_filters' ) ) { if ( function_exists( 'apply_filters' ) ) {
$function = apply_filters( 'wp_die_handler', '_default_wp_die_handler'); $function = apply_filters( 'wp_die_handler', '_default_wp_die_handler');
}else { } else {
$function = '_default_wp_die_handler'; $function = '_default_wp_die_handler';
} }
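Review bot: The new `DOING_AJAX` short-circuit returns before the `wp_die_handler` filter is consulted, so any plugin hooking that filter is now bypassed on every ajax request, and `$message` is discarded in favour of a bare `-1` that ajax callers cannot tell apart from a nonce failure raised by `check_ajax_referer()`. Moving the check after the handler selection and applying it only when nobody replaced the default keeps it overridable: `if ( defined( 'DOING_AJAX' ) && DOING_AJAX && '_default_wp_die_handler' == $function ) die('-1');`. The `function_exists( 'apply_filters' )` guard on the following lines shows `wp_die()` can run before the plugin API loads, which that placement preserves. The rest of `wp_die()` lies outside the hunk.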