WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do proper caps check when processing bulk edited posts, and hide the checkbox on the Page edit page for users who lack permissions. props ocean90 

git-svn-id: http://svn.automattic.com/wordpress/trunk@15032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2010-05-28 15:49:13 +00:00
parent 165495d292
commit 8cf0dd0eaa
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-admin/includes/post.php
View File

@ -299,8 +299,9 @@ function bulk_edit_posts( $post_data = null ) {
$updated = $skipped = $locked = array(); $updated = $skipped = $locked = array();
foreach ( $post_IDs as $post_ID ) { foreach ( $post_IDs as $post_ID ) {
$post_type_object = get_post_type_object( get_post_type( $post_ID ) );
if ( isset($children) && in_array($post_ID, $children) ) { if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
$skipped[] = $post_ID; $skipped[] = $post_ID;
continue; continue;
} }

2
wp-admin/includes/template.php
View File

@ -1529,7 +1529,7 @@ foreach ( $posts_columns as $column_name => $column_display_name ) {
case 'cb': case 'cb':
?> ?>
<th scope="row" class="check-column"><input type="checkbox" name="post[]" value="<?php the_ID(); ?>" /></th> <th scope="row" class="check-column"><?php if ( current_user_can( $post_type_object->cap->edit_post, $page->ID ) ) { ?><input type="checkbox" name="post[]" value="<?php the_ID(); ?>" /><?php } ?></th>
<?php <?php
break; break;
case 'date': case 'date':