Add capability check to site importer

Add additional capability checks for menus
Bump plugin version

Author: sheabunge

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 1.9.1.1
+* Add capability check to site snippets importer
+
 ## 1.9.1
 * Use an icon font for menu icon instead of embedded SVG
 * Use Sass (libsass) instead of Compass

README.md

@@ -3,7 +3,7 @@
 
 * __Requires at least:__ [WordPress 3.3](http://wordpress.org/download/) or later
 * __Tested up to:__ WordPress 3.8
-* __Stable version:__ [1.9.1](http://downloads.wordpress.org/plugin/code-snippets.latest-stable.zip)
+* __Stable version:__ [1.9.1.1](http://downloads.wordpress.org/plugin/code-snippets.latest-stable.zip)
 * __License:__ [MIT](license.txt)
 
 An easy, clean and simple way to add code snippets to your site.

code-snippets.php

@@ -7,7 +7,7 @@
  * contribute to the localization, please see http://code-snippets.bungeshea.com
  *
  * @package   Code_Snippets
- * @version   1.9.1
+ * @version   1.9.1.1
  * @author    Shea Bunge <http://bungeshea.com/>
  * @copyright Copyright (c) 2012-2014, Shea Bunge
  * @link      http://code-snippets.bungeshea.com
@@ -20,7 +20,7 @@
 Description: An easy, clean and simple way to add code snippets to your site. No need to edit to your theme's functions.php file again!
 Author:      Shea Bunge
 Author URI:  http://bungeshea.com
-Version:     1.9.1
+Version:     1.9.1.1
 License:     MIT
 License URI: license.txt
 Text Domain: code-snippets
@@ -58,7 +58,7 @@ final class Code_Snippets {
 	 * @access public
 	 * @var    string A PHP-standardized version number string
 	 */
-	public $version = '1.9.1';
+	public $version = '1.9.1.1';
 
 	/**
 	 * Variables to hold plugin paths

includes/class-admin.php

@@ -164,16 +164,19 @@ function mu_menu_items( $menu_items ) {
 	 * @return void
 	 */
 	function load_importer() {
+		global $code_snippets;
 
-		if ( defined( 'WP_LOAD_IMPORTERS' ) ) {
+		/* Only register the importer if the current user can manage snippets */
+		if ( defined( 'WP_LOAD_IMPORTERS' ) && current_user_can( $code_snippets->get_cap() ) ) {
 
 			/* Load Importer API */
 			require_once ABSPATH . 'wp-admin/includes/import.php';
 
 			if ( ! class_exists( 'WP_Importer' ) ) {
 				$class_wp_importer = ABSPATH .  'wp-admin/includes/class-wp-importer.php';
-				if ( file_exists( $class_wp_importer ) )
+				if ( file_exists( $class_wp_importer ) ) {
 					require_once $class_wp_importer;
+				}
 			}
 
 			/* Register the Code Snippets importer with WordPress */
@@ -228,6 +231,22 @@ public function get_messages( $slug ) {
 		require $code_snippets->plugin_dir . "admin/messages/{$slug}.php";
 	}
 
+	/**
+	 * Check if the current user can manage snippets.
+	 * If not, display an error message
+	 *
+	 * @since  1.9.1.1
+	 * @access public
+	 * @return void
+	 */
+	public function check_perms() {
+		global $code_snippets;
+
+		if ( ! current_user_can( $code_snippets->get_cap() ) ) {
+			wp_die( __( 'You are not access this page.', 'code-snippets' ) );
+		}
+	}
+
 	/**
 	 * Add the dashboard admin menu and subpages
 	 *
@@ -350,6 +369,9 @@ function load_admin_icon_style() {
 	function load_manage_menu() {
 		global $code_snippets;
 
+		/* Make sure the user has permission to be here */
+		$this->check_perms();
+
 		/* Create the snippet tables if they don't exist */
 		$code_snippets->maybe_create_tables( true, true );
 
@@ -376,6 +398,9 @@ function load_single_menu() {
 		global $code_snippets;
 		$screen = get_current_screen();
 
+		/* Make sure the user has permission to be here */
+		$this->check_perms();
+
 		/* Create the snippet tables if they don't exist */
 		$code_snippets->maybe_create_tables( true, true );
 
@@ -561,6 +586,9 @@ function single_menu_enqueue_scripts( $hook ) {
 	function load_import_menu() {
 		global $code_snippets;
 
+		/* Make sure the user has permission to be here */
+		$this->check_perms();
+
 		/* Create the snippet tables if they don't exist */
 		$code_snippets->maybe_create_tables( true, true );
 

readme.txt

@@ -4,7 +4,7 @@ Donate link: http://code-snippets.bungeshea.com/donate/
 Tags: code-snippets, snippets, code, php, network, multisite
 Requires at least: 3.3
 Tested up to: 3.8
-Stable tag: 1.9.1
+Stable tag: 1.9.1.1
 License: MIT
 License URI: license.txt
 
@@ -120,6 +120,9 @@ That's fantastic! Join me on [GitHub](https://github.com/bungeshea/code-snippets
 
 == Changelog ==
 
+= 1.9.1.1
+* Add capability check to site snippets importer
+
 = 1.9.1 =
 * Use an icon font for menu icon instead of embedded SVG
 * Use Sass (libsass) instead of Compass
@@ -268,6 +271,9 @@ Plugin updates will be posted on the [plugin's homepage](http://code-snippets.bu
 
 == Upgrade Notice ==
 
+= 1.9.1.1 =
+Add capability check to snippets importer
+
 = 1.9.1 =
 UI improvements for WordPress 3.8