Theme Customizer: Block non-existent or non-allowed themes, unless the non-allowed theme is the active theme. Support a user having edit_theme_options xor switch_themes. fixes #20852.
git-svn-id: https://develop.svn.wordpress.org/trunk@21010 602fd350-edb4-49c9-b593-d223f7449a82
@@ -125,21 +125,25 @@ class WP_Themes_List_Table extends WP_List_Table {
|
||||
$version = $theme->display('Version');
|
||||
$author = $theme->display('Author');
|
||||
|
||||
$activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $template );
|
||||
$activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet );
|
||||
|
||||
$preview_link = esc_url( add_query_arg(
|
||||
array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ),
|
||||
home_url( '/' ) ) );
|
||||
|
||||
$actions = array();
|
||||
$actions[] = '<a href="' . $activate_link . '" class="activatelink" title="'
|
||||
$actions['activate'] = '<a href="' . $activate_link . '" class="activatelink" title="'
|
||||
. esc_attr( sprintf( __( 'Activate “%s”' ), $title ) ) . '">' . __( 'Activate' ) . '</a>';
|
||||
$actions[] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
|
||||
. esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>'
|
||||
. '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
|
||||
. __( 'Live Preview' ) . '</a>';
|
||||
|
||||
$actions['preview'] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
|
||||
. esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>';
|
||||
|
||||
if ( current_user_can( 'edit_theme_options' ) )
|
||||
$actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
|
||||
. __( 'Live Preview' ) . '</a>';
|
||||
|
||||
if ( ! is_multisite() && current_user_can( 'delete_themes' ) )
|
||||
$actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&template=$stylesheet", 'delete-theme_' . $stylesheet )
|
||||
$actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&stylesheet=$stylesheet", 'delete-theme_' . $stylesheet )
|
||||
. '" onclick="' . "return confirm( '" . esc_js( sprintf( __( "You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete." ), $title ) )
|
||||
. "' );" . '">' . __( 'Delete' ) . '</a>';
|
||||
|
||||
|
||||
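Review bot: The delete link interpolates `$stylesheet` into the query string unencoded (`"themes.php?action=delete&stylesheet=$stylesheet"`, which appears to be the new side), while the activate link above it passes the same value through `urlencode()`. A stylesheet is a directory name and can contain characters such as spaces or `/`, so I would build it the same way: `wp_nonce_url( 'themes.php?action=delete&stylesheet=' . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet )`. The default `$redirect` in `delete_theme()` concatenates `$stylesheet` unencoded as well. Separately, the activation nonce action now ends in `$stylesheet` instead of `$template`, so the handler in themes.php (not shown here) has to verify against the same string.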
@@ -11,19 +11,19 @@
|
||||
*
|
||||
* @since 2.8.0
|
||||
*
|
||||
* @param string $template Template directory of the theme to delete
|
||||
* @param string $stylesheet Stylesheet of the theme to delete
|
||||
* @param string $redirect Redirect to page when complete.
|
||||
* @return mixed
|
||||
*/
|
||||
function delete_theme($template, $redirect = '') {
|
||||
function delete_theme($stylesheet, $redirect = '') {
|
||||
global $wp_filesystem;
|
||||
|
||||
if ( empty($template) )
|
||||
if ( empty($stylesheet) )
|
||||
return false;
|
||||
|
||||
ob_start();
|
||||
if ( empty( $redirect ) )
|
||||
$redirect = wp_nonce_url('themes.php?action=delete&template=' . $template, 'delete-theme_' . $template);
|
||||
$redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet);
|
||||
if ( false === ($credentials = request_filesystem_credentials($redirect)) ) {
|
||||
$data = ob_get_contents();
|
||||
ob_end_clean();
|
||||
@@ -61,11 +61,11 @@ function delete_theme($template, $redirect = '') {
|
||||
return new WP_Error('fs_no_themes_dir', __('Unable to locate WordPress theme directory.'));
|
||||
|
||||
$themes_dir = trailingslashit( $themes_dir );
|
||||
$theme_dir = trailingslashit($themes_dir . $template);
|
||||
$theme_dir = trailingslashit($themes_dir . $stylesheet);
|
||||
$deleted = $wp_filesystem->delete($theme_dir, true);
|
||||
|
||||
if ( ! $deleted )
|
||||
return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $template) );
|
||||
return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $stylesheet) );
|
||||
|
||||
// Force refresh of theme update information
|
||||
delete_site_transient('update_themes');
|
||||
|
||||
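Review bot: `delete_theme()` builds `$theme_dir` by appending `$stylesheet` to the themes directory and passes it to `$wp_filesystem->delete( $theme_dir, true )`, yet the only check on the argument visible in these hunks is `empty( $stylesheet )`. Because the delete is recursive, the function should confirm for itself that the value names an installed theme rather than rely on every caller to do so, for example `if ( empty( $stylesheet ) || ! wp_get_theme( $stylesheet )->exists() ) return false;`. The lines between the two hunks and the calling code are not shown, so an equivalent check may already exist there. The function body starts in the first hunk and continues past the end of the second.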