Context Navigation

Changeset 5627

Timestamp:

03/06/2015 04:16:31 PM (11 years ago)

Author:

johnjamesjacoby

Message:

Add capability checks to admin-area ajax methods. Props jdgrimes. (trunk)

Location:

trunk/src/includes/admin

Files:

-                      r5566
+                      r5627
+        }
+        // Bail if user cannot moderate - only moderators can change hierarchy
+        if ( ! current_user_can( 'moderate' ) ) {
+            wp_die( '0' );
+        }
         // Check the ajax nonce
         check_ajax_referer( 'bbp_suggest_topic_nonce' );
 …
         // Bail early if no request
         if ( empty( $_REQUEST['q'] ) ) {
+            wp_die( '0' );
+        }
+        // Bail if user cannot moderate - only moderators can change authorship
+        if ( ! current_user_can( 'moderate' ) ) {
             wp_die( '0' );
+        }

-                      r5571
+                      r5627
      */
     public function process_callback() {
+        // Bail if user cannot view import page
+        if ( ! current_user_can( 'bbp_tools_import_page' ) ) {
+            wp_die( '0' );
+        }
         // Verify intent

Note: See TracChangeset for help on using the changeset viewer.