Use assign_terms cap for tag search and tag cloud in admin ajax. fixes #15437.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16771 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-ajax.php

@@ -66,16 +66,19 @@ case 'fetch-list' :
 	die( '0' );
 	break;
 case 'ajax-tag-search' :
-	if ( !current_user_can( 'edit_posts' ) )
+	if ( isset( $_GET['tax'] ) ) {
-		die('-1');
+		$taxonomy = sanitize_key( $_GET['tax'] );
+		$tax = get_taxonomy( $taxonomy );
+		if ( ! $tax )
+			die( '0' );
+		if ( ! current_user_can( $tax->cap->assign_terms ) )
+			die( '-1' );
+	} else {
+		die('0');
+	}
 
 	$s = $_GET['q']; // is this slashed already?
 
-	if ( isset($_GET['tax']) )
-		$taxonomy = sanitize_title($_GET['tax']);
-	else
-		die('0');
-
 	if ( false !== strpos( $s, ',' ) ) {
 		$s = explode( ',', $s );
 		$s = $s[count( $s ) - 1];
@@ -547,23 +550,24 @@ case 'add-tag' :
 	$x->send();
 	break;
 case 'get-tagcloud' :
-	if ( !current_user_can( 'edit_posts' ) )
+	if ( isset( $_POST['tax'] ) ) {
-		die('-1');
+		$taxonomy = sanitize_key( $_POST['tax'] );
-
+		$tax = get_taxonomy( $taxonomy );
-	if ( isset($_POST['tax']) )
+		if ( ! $tax )
-		$taxonomy = sanitize_title($_POST['tax']);
+			die( '0' );
-	else
+		if ( ! current_user_can( $tax->cap->assign_terms ) )
+			die( '-1' );
+	} else {
 		die('0');
+	}
 
 	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
 
-	if ( empty( $tags ) ) {
+	if ( empty( $tags ) )
-		$tax = get_taxonomy( $taxonomy );
 		die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
-	}
 
-	if ( is_wp_error($tags) )
+	if ( is_wp_error( $tags ) )
-		die($tags->get_error_message());
+		die( $tags->get_error_message() );
 
 	foreach ( $tags as $key => $tag ) {
 		$tags[ $key ]->link = '#';