sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Posting: Improve the capability checking _wp_translate_postdata() when updating posts.

Browse Source 
* Use the specific post_type's 'edit_post' cap
* Pass the ID of the post being edited.

Fixes #22417


git-svn-id: https://develop.svn.wordpress.org/trunk@22769 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Westwood 2012-11-21 16:34:57 +00:00
parent 9a2033cabc
commit ebb921d018
1 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
wp-admin/includes/post.php
View File

@ -53,17 +53,21 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
$ptype = get_post_type_object( $post_data['post_type'] );
if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
if ( !current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', $update ?
__( 'You are not allowed to edit pages as this user.' ) :
__( 'You are not allowed to create pages as this user.' )
);
} else {
return new WP_Error( 'edit_others_posts', $update ?
__( 'You are not allowed to edit posts as this user.' ) :
__( 'You are not allowed to create posts as this user.' )
);
if ( $update ) {
if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
} else {
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
}
}
} else {
if ( ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
} else {
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
}
}
}
}