X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/98a4d31e52bd56c908617df281730bd4ba58d110..refs/tags/wordpress-2.8.3:/wp-admin/plugins.php

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 5a22807e..1cdcbf91 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('activate_plugins') )
+	wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+
 if ( isset($_POST['clear-recent-list']) )
 	$action = 'clear-recent-list';
 elseif ( !empty($_REQUEST['action']) )
@@ -37,6 +40,9 @@ $_SERVER['REQUEST_URI'] = remove_query_arg(array('error', 'deleted', 'activate',
 if ( !empty($action) ) {
 	switch ( $action ) {
 		case 'activate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('activate-plugin_' . $plugin);
 
 			$result = activate_plugin($plugin, 'plugins.php?error=true&plugin=' . $plugin);
@@ -53,6 +59,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'activate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+			
 			check_admin_referer('bulk-manage-plugins');
 
 			$plugins = (array) $_POST['checked'];
@@ -75,6 +84,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'error_scrape':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('plugin-activation-error_' . $plugin);
 
 			$valid = validate_plugin($plugin);
@@ -88,6 +100,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('deactivate-plugin_' . $plugin);
 			deactivate_plugins($plugin);
 			update_option('recently_activated', array($plugin => time()) + (array)get_option('recently_activated'));
@@ -95,6 +110,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('bulk-manage-plugins');
 
 			$plugins = (array) $_POST['checked'];