Check for publish caps when editing via xmlrpc.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-03-21 22:15:20 +00:00
parent 1f09b04793
commit b5a124634e
1 changed files with 18 additions and 6 deletions

View File

@ -846,6 +846,9 @@ class wp_xmlrpc_server extends IXR_Server {
extract($actual_post); extract($actual_post);
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
$post_title = xmlrpc_getposttitle($content); $post_title = xmlrpc_getposttitle($content);
$post_category = xmlrpc_getpostcategory($content); $post_category = xmlrpc_getpostcategory($content);
$post_content = xmlrpc_removepostdata($content); $post_content = xmlrpc_removepostdata($content);
@ -1072,12 +1075,6 @@ class wp_xmlrpc_server extends IXR_Server {
} }
set_current_user(0, $user_login); set_current_user(0, $user_login);
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A);
extract($postdata);
$this->escape($postdata);
// The post_type defaults to post, but could also be page. // The post_type defaults to post, but could also be page.
$post_type = "post"; $post_type = "post";
@ -1088,6 +1085,14 @@ class wp_xmlrpc_server extends IXR_Server {
$post_type = "page"; $post_type = "page";
} }
// Edit page caps are checked in editPage. Just check post here.
if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A);
extract($postdata);
$this->escape($postdata);
// Let WordPress manage slug if none was provided. // Let WordPress manage slug if none was provided.
$post_name = ""; $post_name = "";
if(!empty($content_struct["wp_slug"])) { if(!empty($content_struct["wp_slug"])) {
@ -1159,6 +1164,13 @@ class wp_xmlrpc_server extends IXR_Server {
$post_more = $content_struct['mt_text_more']; $post_more = $content_struct['mt_text_more'];
$post_status = $publish ? 'publish' : 'draft'; $post_status = $publish ? 'publish' : 'draft';
if ( ('publish' == $post_status) ) {
if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
return new IXR_Error(401, 'Sorry, you do not have the right to publish this page.');
else if ( !current_user_can('publish_posts') )
return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
}
if ($post_more) { if ($post_more) {
$post_content = $post_content . "\n<!--more-->\n" . $post_more; $post_content = $post_content . "\n<!--more-->\n" . $post_more;
} }