sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Introduce permission checks for post queries and edit links in the At a Glance dashboard widget. Fixes #27132. Props mattheu.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@27596 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2014-03-18 22:43:41 +00:00
parent 975c953322
commit f850186eff
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/wp-admin/includes/dashboard.php
View File

@ -429,9 +429,15 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) { function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$GLOBALS['comment'] =& $comment; $GLOBALS['comment'] =& $comment;
$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>"; $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
} else {
$comment_post_link = $comment_post_title;
}
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
$actions_string = ''; $actions_string = '';
@ -580,7 +586,8 @@ function wp_dashboard_recent_posts( $args ) {
'order' => $args['order'], 'order' => $args['order'],
'posts_per_page' => intval( $args['max'] ), 'posts_per_page' => intval( $args['max'] ),
'no_found_rows' => true, 'no_found_rows' => true,
'cache_results' => false 'cache_results' => false,
'perm' => ( 'future' === $args['status'] ) ? 'editable' : 'readable',
); );
$posts = new WP_Query( $query_args ); $posts = new WP_Query( $query_args );
@ -609,9 +616,16 @@ function wp_dashboard_recent_posts( $args ) {
$relative = date_i18n( __( 'M jS' ), $time ); $relative = date_i18n( __( 'M jS' ), $time );
} }
$text = sprintf( if ( current_user_can( 'edit_post', get_the_ID() ) ) {
/* translators: 1: relative date, 2: time, 3: post edit link, 4: post title */
$format = __( '<span>%1$s, %2$s</span> <a href="%3$s">%4$s</a>' );
} else {
/* translators: 1: relative date, 2: time, 4: post title */ /* translators: 1: relative date, 2: time, 4: post title */
__( '<span>%1$s, %2$s</span> <a href="%3$s">%4$s</a>' ), $format = __( '<span>%1$s, %2$s</span> %4$s' );
}
$text = sprintf(
$format,
$relative, $relative,
get_the_time(), get_the_time(),
get_edit_post_link(), get_edit_post_link(),