vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-07 14:14:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Role/Capability: Introduce capabilities dedicated to installing and updating language files.

Browse Source 
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.


git-svn-id: https://develop.svn.wordpress.org/trunk@41268 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Felix Arntz
2017-08-18 18:30:28 +00:00
parent c56dd07a30
commit f16b2a650e
9 changed files with 68 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/wp-admin/update-core.php
View File

@@ -19,7 +19,7 @@ if ( is_multisite() && ! is_network_admin() ) {
exit();
}
if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) )
if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_languages' ) )
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
/**
@@ -608,15 +608,19 @@ if ( 'upgrade-core' == $action ) {
echo ' &nbsp; <a class="button" href="' . esc_url( self_admin_url('update-core.php?force-check=1') ) . '">' . __( 'Check Again' ) . '</a>';
echo '</p>';
if ( $core = current_user_can( 'update_core' ) )
if ( current_user_can( 'update_core' ) ) {
core_upgrade_preamble();
if ( $plugins = current_user_can( 'update_plugins' ) )
}
if ( current_user_can( 'update_plugins' ) ) {
list_plugin_updates();
if ( $themes = current_user_can( 'update_themes' ) )
}
if ( current_user_can( 'update_themes' ) ) {
list_theme_updates();
if ( $core || $plugins || $themes )
}
if ( current_user_can( 'update_languages' ) ) {
list_translation_updates();
unset( $core, $plugins, $themes );
}
/**
* Fires after the core, plugin, and theme update tables.
*
@@ -729,7 +733,7 @@ if ( 'upgrade-core' == $action ) {
} elseif ( 'do-translation-upgrade' == $action ) {
if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_themes' ) )
if ( ! current_user_can( 'update_languages' ) )
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
check_admin_referer( 'upgrade-translations' );