From 33c782abeba64279c7f93b5205a696d2cfef4b24 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Fri, 13 Nov 2020 16:55:48 +0000
Subject: [PATCH] Upgrade/Install: Ensure the current user can update core when saving the auto-update options. See #51742.
git-svn-id: https://develop.svn.wordpress.org/trunk@49593 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/update-core.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/wp-admin/update-core.php b/src/wp-admin/update-core.php
index dfd7b06a5a..5a4a8d369f 100644
--- a/src/wp-admin/update-core.php
+++ b/src/wp-admin/update-core.php
@@ -1205,6 +1205,11 @@ if ( 'upgrade-core' === $action ) {
 require_once ABSPATH . 'wp-admin/admin-footer.php';
 } elseif ( 'core-major-auto-updates-settings' === $action ) {
+
+ if ( ! current_user_can( 'update_core' ) ) {
+ wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
+ }
+
 $redirect_url = self_admin_url( 'update-core.php' );
 if ( isset( $_GET['value'] ) ) {
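Review bot: The new `wp_die()` call in the `core-major-auto-updates-settings` branch passes no response code, so a refused request gets wp_die's default status (500) instead of a 403 and is hard to tell apart from a server fault in access logs; `wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );` would make denied attempts distinguishable. The added check covers authorization only: the branch goes on to read `$_GET['value']` and continues past the end of the hunk, so whether a nonce is verified before the setting is written cannot be confirmed from here and should be checked. A one-line comment above the check, such as `// Changing core auto-update settings requires 'update_core', even if this screen is reachable without it.`, would record why the capability is tested again here; that rationale is inferred from the commit subject, so confirm it against the page-level check.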