From 72380176dc82500e7047696e448af48ad1406759 Mon Sep 17 00:00:00 2001 From: Felix Arntz Date: Wed, 7 Dec 2016 22:09:42 +0000 Subject: [PATCH] Multisite: Remove redundant `is_super_admin()` when checking for `edit_others_posts`. The super admin on multisite as well as the administrator on non-multisite both have this capability already. For custom post types using different capabilities this change ensures that only users with that capability have permissions. Fixes #39059. See #37616. Built from https://develop.svn.wordpress.org/trunk@39539 git-svn-id: http://core.svn.wordpress.org/trunk@39479 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit-form-advanced.php | 5 ++--- wp-admin/includes/class-wp-posts-list-table.php | 2 +- wp-includes/version.php | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 803300f40d..852b88c792 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -308,9 +308,8 @@ if ( in_array( get_post_status( $post ), $stati ) ) { if ( ! ( 'pending' == get_post_status( $post ) && ! current_user_can( $post_type_object->cap->publish_posts ) ) ) add_meta_box('slugdiv', __('Slug'), 'post_slug_meta_box', null, 'normal', 'core'); -if ( post_type_supports($post_type, 'author') ) { - if ( is_super_admin() || current_user_can( $post_type_object->cap->edit_others_posts ) ) - add_meta_box('authordiv', __('Author'), 'post_author_meta_box', null, 'normal', 'core'); +if ( post_type_supports( $post_type, 'author' ) && current_user_can( $post_type_object->cap->edit_others_posts ) ) { + add_meta_box( 'authordiv', __( 'Author' ), 'post_author_meta_box', null, 'normal', 'core' ); } /** diff --git a/wp-admin/includes/class-wp-posts-list-table.php b/wp-admin/includes/class-wp-posts-list-table.php index ae0f2441fe..836eff7be4 100644 --- a/wp-admin/includes/class-wp-posts-list-table.php +++ b/wp-admin/includes/class-wp-posts-list-table.php @@ -1420,7 +1420,7 @@ class WP_Posts_List_Table extends WP_List_Table { if ( post_type_supports( $screen->post_type, 'author' ) ) : $authors_dropdown = ''; - if ( is_super_admin() || current_user_can( $post_type_object->cap->edit_others_posts ) ) : + if ( current_user_can( $post_type_object->cap->edit_others_posts ) ) : $users_opt = array( 'hide_if_only_one_author' => false, 'who' => 'authors', diff --git a/wp-includes/version.php b/wp-includes/version.php index 0ea0c48e98..32444fe0df 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.8-alpha-39538'; +$wp_version = '4.8-alpha-39539'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.