From b3322a96047603a079ada9a1870435e3c17fea7a Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Fri, 9 Jan 2015 21:06:13 +0000
Subject: [PATCH] In `Custom_Background` and `Custom_Header`:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails.
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.
See #30799.
git-svn-id: https://develop.svn.wordpress.org/trunk@31116 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/custom-background.php | 19 +++++++++++--------
 src/wp-admin/custom-header.php | 24 +++++++++++++-----------
 2 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/wp-admin/custom-background.php b/src/wp-admin/custom-background.php
index 8fb1901c25..f2eca8507d 100644
--- a/src/wp-admin/custom-background.php
+++ b/src/wp-admin/custom-background.php
@@ -125,17 +125,20 @@ class Custom_Background { * @since 3.0.0 */ public function init() { - if ( ! current_user_can('edit_theme_options') ) + $page = add_theme_page( __( 'Background' ), __( 'Background' ), 'edit_theme_options', 'custom-background', array( $this, 'admin_page' ) ); + if ( ! $page ) { return; + } - $this->page = $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array($this, 'admin_page')); + $this->page = $page; - add_action("load-$page", array($this, 'admin_load')); - add_action("load-$page", array($this, 'take_action'), 49); - add_action("load-$page", array($this, 'handle_upload'), 49); + add_action( "load-$page", array( $this, 'admin_load' ) ); + add_action( "load-$page", array( $this, 'take_action' ), 49 ); + add_action( "load-$page", array( $this, 'handle_upload' ), 49 ); - if ( $this->admin_header_callback ) - add_action("admin_head-$page", $this->admin_header_callback, 51); + if ( $this->admin_header_callback ) { + add_action( "admin_head-$page", $this->admin_header_callback, 51 ); + } } /** @@ -427,7 +430,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) ) $overrides = array('test_form' => false); $uploaded_file = $_FILES['import']; - $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'], false ); + $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'] ); if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) wp_die( __( 'The uploaded file is not a valid image. Please try again.' ) ); diff --git a/src/wp-admin/custom-header.php b/src/wp-admin/custom-header.php index e72e7ae2ba..7ca5dc21c2 100644 --- a/src/wp-admin/custom-header.php +++ b/src/wp-admin/custom-header.php 
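Review bot: In `Custom_Background::init()` the explicit `current_user_can( 'edit_theme_options' )` guard is removed, so the `false` return from `add_theme_page()` is now the only thing that stops the `load-$page` handlers (`take_action`, `handle_upload`) from being hooked for a user without the capability, and nothing in the code says so. I would add a comment above the new `if ( ! $page ) {`, for example `// add_theme_page() returns false when the user lacks 'edit_theme_options'; this is the capability gate for the hooks below.`, so a later refactor does not treat the branch as a mere registration-failure path. Whether `take_action()` and `handle_upload()` re-check the capability and verify a nonce themselves is not visible in this hunk and is worth confirming, since both run on page load. The same comment applies to `Custom_Image_Header::init()` in the first custom-header.php hunk (`@@ -143,19 +143,21 @@`).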
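Review bot: The new `wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'] )` call in the `@@ -427,7 +430,7 @@` hunk still indexes `$_FILES['import']` directly, and no check that the key exists or that the upload actually succeeded is visible here. If no such guard sits above the hunk, a request with a missing or failed `import` part reaches the type check with an empty `tmp_name`, and the image test would then presumably rest on the client-supplied file name alone. A guard before the assignment, such as `if ( empty( $_FILES['import']['tmp_name'] ) || ! is_uploaded_file( $_FILES['import']['tmp_name'] ) ) { return; }`, would close that; whether to `return` or `wp_die()` depends on the surrounding method. The identical upload code in the second custom-header.php hunk (`@@ -862,7 +864,7 @@`) has the same gap, and the enclosing function starts and ends outside both hunks.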
@@ -143,19 +143,21 @@ class Custom_Image_Header { * @since 2.1.0 */ public function init() { - if ( ! current_user_can('edit_theme_options') ) + $page = add_theme_page( __( 'Header' ), __( 'Header' ), 'edit_theme_options', 'custom-header', array( $this, 'admin_page' ) ); + if ( ! $page ) { return; + } - $this->page = $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array($this, 'admin_page')); - - add_action("admin_print_scripts-$page", array($this, 'js_includes')); - add_action("admin_print_styles-$page", array($this, 'css_includes')); - add_action("admin_head-$page", array($this, 'help') ); - add_action("admin_head-$page", array($this, 'take_action'), 50); - add_action("admin_head-$page", array($this, 'js'), 50); - if ( $this->admin_header_callback ) - add_action("admin_head-$page", $this->admin_header_callback, 51); + $this->page = $page; + add_action( "admin_print_scripts-$page", array( $this, 'js_includes' ) ); + add_action( "admin_print_styles-$page", array( $this, 'css_includes' ) ); + add_action( "admin_head-$page", array( $this, 'help' ) ); + add_action( "admin_head-$page", array( $this, 'take_action' ), 50 ); + add_action( "admin_head-$page", array( $this, 'js' ), 50 ); + if ( $this->admin_header_callback ) { + add_action( "admin_head-$page", $this->admin_header_callback, 51 ); + } } /** @@ -862,7 +864,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> $overrides = array('test_form' => false); $uploaded_file = $_FILES['import']; - $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'], false ); + $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'] ); if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) wp_die( __( 'The uploaded file is not a valid image. Please try again.' ) );