Check for publish caps when editing via xmlrpc.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1f09b04793
commit
b5a124634e
24
xmlrpc.php
24
xmlrpc.php
|
@ -846,6 +846,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
|
|
||||||
extract($actual_post);
|
extract($actual_post);
|
||||||
|
|
||||||
|
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
|
||||||
|
return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
|
||||||
|
|
||||||
$post_title = xmlrpc_getposttitle($content);
|
$post_title = xmlrpc_getposttitle($content);
|
||||||
$post_category = xmlrpc_getpostcategory($content);
|
$post_category = xmlrpc_getpostcategory($content);
|
||||||
$post_content = xmlrpc_removepostdata($content);
|
$post_content = xmlrpc_removepostdata($content);
|
||||||
|
@ -1072,12 +1075,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
set_current_user(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !current_user_can('edit_post', $post_ID) )
|
|
||||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
|
||||||
|
|
||||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
|
||||||
extract($postdata);
|
|
||||||
$this->escape($postdata);
|
|
||||||
|
|
||||||
// The post_type defaults to post, but could also be page.
|
// The post_type defaults to post, but could also be page.
|
||||||
$post_type = "post";
|
$post_type = "post";
|
||||||
|
@ -1088,6 +1085,14 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
$post_type = "page";
|
$post_type = "page";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Edit page caps are checked in editPage. Just check post here.
|
||||||
|
if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
|
||||||
|
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||||
|
|
||||||
|
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||||
|
extract($postdata);
|
||||||
|
$this->escape($postdata);
|
||||||
|
|
||||||
// Let WordPress manage slug if none was provided.
|
// Let WordPress manage slug if none was provided.
|
||||||
$post_name = "";
|
$post_name = "";
|
||||||
if(!empty($content_struct["wp_slug"])) {
|
if(!empty($content_struct["wp_slug"])) {
|
||||||
|
@ -1159,6 +1164,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
$post_more = $content_struct['mt_text_more'];
|
$post_more = $content_struct['mt_text_more'];
|
||||||
$post_status = $publish ? 'publish' : 'draft';
|
$post_status = $publish ? 'publish' : 'draft';
|
||||||
|
|
||||||
|
if ( ('publish' == $post_status) ) {
|
||||||
|
if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
|
||||||
|
return new IXR_Error(401, 'Sorry, you do not have the right to publish this page.');
|
||||||
|
else if ( !current_user_can('publish_posts') )
|
||||||
|
return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
|
||||||
|
}
|
||||||
|
|
||||||
if ($post_more) {
|
if ($post_more) {
|
||||||
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue