* Avoid notices in tests/ajax/Autosave
by bailing early when get_post()
returns nothing.
* Check for the existence of `$_POST['catslist']` before using it in `wp_ajax_autosave()`. See #25282. git-svn-id: https://develop.svn.wordpress.org/trunk@25430 602fd350-edb4-49c9-b593-d223f7449a82
parent
1a621e7615
commit
ac23d53402
@ -1047,9 +1047,10 @@ function wp_ajax_autosave() {
|
|||||||
|
|
||||||
check_ajax_referer( 'autosave', 'autosavenonce' );
|
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||||
|
|
||||||
$_POST['post_category'] = explode(",", $_POST['catslist']);
|
if ( ! empty( $_POST['catslist'] ) )
|
||||||
if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
|
$_POST['post_category'] = explode( ',', $_POST['catslist'] );
|
||||||
unset($_POST['post_category']);
|
if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
|
||||||
|
unset( $_POST['post_category'] );
|
||||||
|
|
||||||
$data = '';
|
$data = '';
|
||||||
$supplemental = array();
|
$supplemental = array();
|
||||||
@ -1057,18 +1058,16 @@ function wp_ajax_autosave() {
|
|||||||
|
|
||||||
$post_id = (int) $_POST['post_id'];
|
$post_id = (int) $_POST['post_id'];
|
||||||
$_POST['ID'] = $_POST['post_ID'] = $post_id;
|
$_POST['ID'] = $_POST['post_ID'] = $post_id;
|
||||||
$post = get_post($post_id);
|
$post = get_post( $post_id );
|
||||||
|
if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )
|
||||||
|
wp_die( __( 'You are not allowed to edit this post.' ) );
|
||||||
|
|
||||||
|
if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) )
|
||||||
|
wp_die( __( 'You are not allowed to edit this page.' ) );
|
||||||
|
|
||||||
if ( 'auto-draft' == $post->post_status )
|
if ( 'auto-draft' == $post->post_status )
|
||||||
$_POST['post_status'] = 'draft';
|
$_POST['post_status'] = 'draft';
|
||||||
|
|
||||||
if ( 'page' == $post->post_type ) {
|
|
||||||
if ( !current_user_can('edit_page', $post->ID) )
|
|
||||||
wp_die( __( 'You are not allowed to edit this page.' ) );
|
|
||||||
} else {
|
|
||||||
if ( !current_user_can('edit_post', $post->ID) )
|
|
||||||
wp_die( __( 'You are not allowed to edit this post.' ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! empty( $_POST['autosave'] ) ) {
|
if ( ! empty( $_POST['autosave'] ) ) {
|
||||||
if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
|
if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
|
||||||
// Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
|
// Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
|
||||||
|
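Review bot: In the first hunk the new guard `if ( ! empty( $_POST['catslist'] ) )` only tests that the field is non-empty, so a request that submits `catslist` as an array still reaches `explode()`, which expects a string. Tightening it to `if ( ! empty( $_POST['catslist'] ) && is_string( $_POST['catslist'] ) )` keeps the handler quiet on malformed input. The condition that follows still reads `$_POST['post_type']` with no existence check, the same kind of notice this commit sets out to avoid; `( isset( $_POST['post_type'] ) && 'page' == $_POST['post_type'] )` would cover it, and `(int) $_POST['post_id']` in the second hunk has the same gap. The body of wp_ajax_autosave() starts and ends outside both hunks, so an earlier check may exist that is not visible here.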