From ebb921d01880ab93b31838e0504997e876b2252e Mon Sep 17 00:00:00 2001
From: Peter Westwood
Date: Wed, 21 Nov 2012 16:34:57 +0000
Subject: [PATCH] Posting: Improve the capability checking _wp_translate_postdata() when updating posts.

* Use the specific post_type's 'edit_post' cap
* Pass the ID of the post being edited.

Fixes #22417

git-svn-id: https://develop.svn.wordpress.org/trunk@22769 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/post.php | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index e91d08b423..1311068b7f 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -53,17 +53,21 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 $ptype = get_post_type_object( $post_data['post_type'] );
 if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
- if ( !current_user_can( $ptype->cap->edit_others_posts ) ) {
- if ( 'page' == $post_data['post_type'] ) {
- return new WP_Error( 'edit_others_pages', $update ?
- __( 'You are not allowed to edit pages as this user.' ) :
- __( 'You are not allowed to create pages as this user.' )
- );
- } else {
- return new WP_Error( 'edit_others_posts', $update ?
- __( 'You are not allowed to edit posts as this user.' ) :
- __( 'You are not allowed to create posts as this user.' )
- );
+ if ( $update ) {
+ if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
+ if ( 'page' == $post_data['post_type'] ) {
+ return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+ } else {
+ return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+ }
+ }
+ } else {
+ if ( ! current_user_can( $ptype->cap->edit_others_posts ) ) {
+ if ( 'page' == $post_data['post_type'] ) {
+ return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+ } else {
+ return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+ }
 }
 }
 }
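Review bot: In the new `$update` branch the only gate is `current_user_can( $ptype->cap->edit_post, $post_data['ID'] )`, which answers whether the user may edit that post, not whether they may save it under a different author. The enclosing block runs only when `post_author` differs from `user_ID`, and before this change that case always required `edit_others_posts`; a user who can edit the post for another reason (for example as its current author) now appears to pass, so an `edit_others_posts` requirement should be kept whenever the submitted `post_author` differs from the author stored on the post. `$post_data['ID']` is also read with no `isset()` guard in the visible lines, so the check would fail closed more reliably as `if ( empty( $post_data['ID'] ) || ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {`. The function starts and ends outside this hunk, so earlier code may already normalise `post_author` or `ID`; that is worth confirming before relying on it.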