Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add download_file capability and security check

This commit is contained in:
Illimar Tambek 2013-09-06 19:38:06 +03:00
parent 0a7137e747
commit 3c22c486f8
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/class-wc-download-handler.php
View File

@ -72,7 +72,7 @@ class WC_Download_Handler {
if ( ! is_user_logged_in() ) if ( ! is_user_logged_in() )
wp_die( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . wp_login_url( get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . '">' . __( 'Login &rarr;', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ) ); wp_die( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . wp_login_url( get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . '">' . __( 'Login &rarr;', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ) );
elseif ( $user_id != get_current_user_id() ) elseif ( !current_user_can( 'download_file', $download_result ) )
wp_die( __( 'This is not your download link.', 'woocommerce' ) ); wp_die( __( 'This is not your download link.', 'woocommerce' ) );
} }

9
includes/wc-customer-functions.php
View File

@ -309,6 +309,15 @@ function woocommerce_customer_has_capability( $allcaps, $caps, $args ) {
$allcaps['cancel_order'] = true; $allcaps['cancel_order'] = true;
break; break;
case 'download_file':
$user_id = $args[1];
$download = $args[2]
if ( $user_id == $download->user_id )
$allcaps['download_file'] = true;
break;
} }
} }
return $allcaps; return $allcaps;