Use correct cap checks and nonces for custom post_type's
git-svn-id: http://svn.automattic.com/wordpress/trunk@13786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
adf8dd3743
commit
68445ab030
|
@ -14,8 +14,7 @@ function post_submit_meta_box($post) {
|
|||
|
||||
$post_type = $post->post_type;
|
||||
$post_type_object = get_post_type_object($post_type);
|
||||
$type_cap = $post_type_object->capability_type;
|
||||
$can_publish = current_user_can("publish_${type_cap}s");
|
||||
$can_publish = current_user_can($post_type_object->publish_cap);
|
||||
?>
|
||||
<div class="submitbox" id="submitpost">
|
||||
|
||||
|
@ -194,7 +193,7 @@ if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
|
|||
<?php do_action('post_submitbox_start'); ?>
|
||||
<div id="delete-action">
|
||||
<?php
|
||||
if ( current_user_can( "delete_${type_cap}", $post->ID ) ) {
|
||||
if ( current_user_can( "delete_post", $post->ID ) ) {
|
||||
if ( !EMPTY_TRASH_DAYS ) {
|
||||
$delete_url = wp_nonce_url( add_query_arg( array('action' => 'delete', 'post' => $post->ID) ), "delete-${post_type}_{$post->ID}" );
|
||||
$delete_text = __('Delete Permanently');
|
||||
|
@ -407,7 +406,7 @@ function post_comment_status_meta_box($post) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Displa comments for post table header
|
||||
* Display comments for post table header
|
||||
*
|
||||
* @since 3.0
|
||||
*
|
||||
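Review bot: `$post_type_object` is dereferenced in the new `current_user_can($post_type_object->publish_cap)` line of the first hunk without checking that `get_post_type_object()` returned an object. For a post whose type is no longer registered the lookup returns null, and the publish decision then depends on how an empty capability name is handled rather than on an explicit denial. I would make the check fail closed, e.g. `$can_publish = $post_type_object && current_user_can( $post_type_object->publish_cap );`. The body of post_submit_meta_box continues outside the hunk, so an earlier guard may already exist there.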
|
|
|
@ -863,9 +863,10 @@ function inline_edit_row( $screen ) {
|
|||
foreach ( $taxonomy_names as $taxonomy_name ) {
|
||||
$taxonomy = get_taxonomy( $taxonomy_name);
|
||||
|
||||
if( !$taxonomy->show_ui ) continue;
|
||||
if ( !$taxonomy->show_ui )
|
||||
continue;
|
||||
|
||||
if( $taxonomy->hierarchical )
|
||||
if ( $taxonomy->hierarchical )
|
||||
$hierarchical_taxonomies[] = $taxonomy;
|
||||
else
|
||||
$flat_taxonomies[] = $taxonomy;
|
||||
|
@ -875,7 +876,6 @@ function inline_edit_row( $screen ) {
|
|||
$hidden = array_intersect( array_keys( $columns ), array_filter( get_hidden_columns($screen) ) );
|
||||
$col_count = count($columns) - count($hidden);
|
||||
$m = ( isset($mode) && 'excerpt' == $mode ) ? 'excerpt' : 'list';
|
||||
// @todo use capability_type
|
||||
$can_publish = current_user_can($post_type_object->publish_cap);
|
||||
$core_columns = array( 'cb' => true, 'date' => true, 'title' => true, 'categories' => true, 'tags' => true, 'comments' => true, 'author' => true );
|
||||
|
||||
|
@ -1561,11 +1561,11 @@ foreach ( $posts_columns as $column_name => $column_display_name ) {
|
|||
}
|
||||
if ( current_user_can($post_type_object->delete_cap, $page->ID) ) {
|
||||
if ( $post->post_status == 'trash' )
|
||||
$actions['untrash'] = "<a title='" . esc_attr(__('Remove this page from the Trash')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&action=untrash&post=$page->ID", 'untrash-page_' . $page->ID) . "'>" . __('Restore') . "</a>";
|
||||
$actions['untrash'] = "<a title='" . esc_attr(__('Remove this page from the Trash')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&action=untrash&post=$page->ID", 'untrash-' . $post->post_type . '_' . $page->ID) . "'>" . __('Restore') . "</a>";
|
||||
elseif ( EMPTY_TRASH_DAYS )
|
||||
$actions['trash'] = "<a class='submitdelete' title='" . esc_attr(__('Move this page to the Trash')) . "' href='" . get_delete_post_link($page->ID) . "'>" . __('Trash') . "</a>";
|
||||
if ( $post->post_status == 'trash' || !EMPTY_TRASH_DAYS )
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page permanently')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&action=delete&post=$page->ID", 'delete-page_' . $page->ID) . "'>" . __('Delete Permanently') . "</a>";
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page permanently')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&action=delete&post=$page->ID", 'delete-' . $post->post_type . '_' . $page->ID) . "'>" . __('Delete Permanently') . "</a>";
|
||||
}
|
||||
if ( in_array($post->post_status, array('pending', 'draft')) ) {
|
||||
if ( current_user_can($post_type_object->edit_cap, $page->ID) )
|
||||
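Review bot: The new nonce actions in the @ -1561 hunk are built from `$post->post_type`, while the URL in the same `wp_nonce_url()` call uses `$post_type` and the id comes from `$page->ID`. If `$post` and `$page` ever refer to different objects in this loop, the generated nonce will not match what the handler verifies and the link simply fails; reading every part from one object avoids that, e.g. `'untrash-' . $page->post_type . '_' . $page->ID`, assuming `$page` is the row's post object. The verifying side (the `check_admin_referer()` calls for the untrash and delete actions) is not shown on this page, so confirm it was moved from the `page_` action string to the post-type-based one together with this change. The enclosing block starts and ends outside the hunk.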
|
|
|
@ -810,7 +810,7 @@ function map_meta_cap( $cap, $user_id ) {
|
|||
$post = get_post( $args[0] );
|
||||
$post_type = get_post_type_object( $post->post_type );
|
||||
if ( $post_type && 'post' != $post_type->capability_type ) {
|
||||
$args = array_merge( array( 'delete_' . $post_type->capability_type, $user_id ), $args );
|
||||
$args = array_merge( array( $post_type->delete_cap, $user_id ), $args );
|
||||
return call_user_func_array( 'map_meta_cap', $args );
|
||||
}
|
||||
|
||||
|
@ -887,7 +887,7 @@ function map_meta_cap( $cap, $user_id ) {
|
|||
$post = get_post( $args[0] );
|
||||
$post_type = get_post_type_object( $post->post_type );
|
||||
if ( $post_type && 'post' != $post_type->capability_type ) {
|
||||
$args = array_merge( array( 'edit_' . $post_type->capability_type, $user_id ), $args );
|
||||
$args = array_merge( array( $post_type->edit_cap, $user_id ), $args );
|
||||
return call_user_func_array( 'map_meta_cap', $args );
|
||||
}
|
||||
$post_author_data = get_userdata( $post->post_author );
|
||||
|
@ -946,7 +946,7 @@ function map_meta_cap( $cap, $user_id ) {
|
|||
$post = get_post( $args[0] );
|
||||
$post_type = get_post_type_object( $post->post_type );
|
||||
if ( $post_type && 'post' != $post_type->capability_type ) {
|
||||
$args = array_merge( array( 'read_' . $post_type->capability_type, $user_id ), $args );
|
||||
$args = array_merge( array( $post_type->read_cap, $user_id ), $args );
|
||||
return call_user_func_array( 'map_meta_cap', $args );
|
||||
}
|
||||
|
||||
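Review bot: The recursive `call_user_func_array( 'map_meta_cap', $args )` in all three hunks now passes a capability name read from the post type object (`delete_cap`, `edit_cap`, `read_cap`) instead of a string derived from `capability_type`. If a type is registered with a `capability_type` other than 'post' but with one of these properties set to the very meta capability being mapped, the call re-enters the same branch with identical arguments and never terminates; the case labels are outside the hunks, so this assumes they are the generic post meta capabilities. A guard in the condition, such as `if ( $post_type && 'post' != $post_type->capability_type && $cap != $post_type->delete_cap ) {` (and the same for `edit_cap` and `read_cap`), keeps the mapping bounded. A short comment stating that these properties must name a capability distinct from the one being mapped would also help.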
|
|