Better checks for contributors when saving posts.
Merges [27976] from the 3.8 branch to the 3.7 branch. props dd32, kovshenin, plocha. fixes #27452. Built from https://develop.svn.wordpress.org/branches/3.7@27977 git-svn-id: http://core.svn.wordpress.org/branches/3.7@27807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin
parent
1d299753ff
commit
c322ca97ad
|
|
@ -832,7 +832,7 @@ class WP_Posts_List_Table extends WP_List_Table {
|
|||
<?php if ( !$bulk ) echo $authors_dropdown;
|
||||
endif; // post_type_supports author
|
||||
|
||||
if ( !$bulk ) :
|
||||
if ( !$bulk && $can_publish ) :
|
||||
?>
|
||||
|
||||
<div class="inline-edit-group">
|
||||
|
|
|
|||
|
|
@ -100,6 +100,10 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
|
|||
$post_id = false;
|
||||
$previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
|
||||
|
||||
if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
|
||||
$post_data['post_status'] = $previous_status ? $previous_status : 'pending';
|
||||
}
|
||||
|
||||
$published_statuses = array( 'publish', 'future' );
|
||||
|
||||
// Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
|
||||
|
|
@ -111,6 +115,10 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
|
|||
if ( ! isset($post_data['post_status']) )
|
||||
$post_data['post_status'] = $previous_status;
|
||||
|
||||
if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
|
||||
unset( $post_data['post_password'] );
|
||||
}
|
||||
|
||||
if (!isset( $post_data['comment_status'] ))
|
||||
$post_data['comment_status'] = 'closed';
|
||||
|
||||
|
|
@ -170,6 +178,14 @@ function edit_post( $post_data = null ) {
|
|||
$post_data['post_type'] = $post->post_type;
|
||||
$post_data['post_mime_type'] = $post->post_mime_type;
|
||||
|
||||
if ( ! empty( $post_data['post_status'] ) ) {
|
||||
$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
|
||||
|
||||
if ( 'inherit' == $post_data['post_status'] ) {
|
||||
unset( $post_data['post_status'] );
|
||||
}
|
||||
}
|
||||
|
||||
$ptype = get_post_type_object($post_data['post_type']);
|
||||
if ( !current_user_can( 'edit_post', $post_ID ) ) {
|
||||
if ( 'page' == $post_data['post_type'] )
|
||||
|
|
@ -187,9 +203,6 @@ function edit_post( $post_data = null ) {
|
|||
_wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) );
|
||||
}
|
||||
|
||||
$post_data = _wp_translate_postdata( true, $post_data );
|
||||
if ( is_wp_error($post_data) )
|
||||
wp_die( $post_data->get_error_message() );
|
||||
if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
|
||||
$post_data['post_status'] = 'draft';
|
||||
}
|
||||
|
|
@ -210,6 +223,10 @@ function edit_post( $post_data = null ) {
|
|||
}
|
||||
}
|
||||
|
||||
$post_data = _wp_translate_postdata( true, $post_data );
|
||||
if ( is_wp_error($post_data) )
|
||||
wp_die( $post_data->get_error_message() );
|
||||
|
||||
// Post Formats
|
||||
if ( isset( $post_data['post_format'] ) )
|
||||
set_post_format( $post_ID, $post_data['post_format'] );
|
||||
|
|
@ -332,6 +349,14 @@ function bulk_edit_posts( $post_data = null ) {
|
|||
}
|
||||
unset($post_data['_status']);
|
||||
|
||||
if ( ! empty( $post_data['post_status'] ) ) {
|
||||
$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
|
||||
|
||||
if ( 'inherit' == $post_data['post_status'] ) {
|
||||
unset( $post_data['post_status'] );
|
||||
}
|
||||
}
|
||||
|
||||
$post_IDs = array_map( 'intval', (array) $post_data['post'] );
|
||||
|
||||
$reset = array(
|
||||
|
|
@ -422,10 +447,25 @@ function bulk_edit_posts( $post_data = null ) {
|
|||
unset( $post_data['tax_input']['category'] );
|
||||
}
|
||||
|
||||
$post_data['post_type'] = $post->post_type;
|
||||
$post_data['post_mime_type'] = $post->post_mime_type;
|
||||
$post_data['guid'] = $post->guid;
|
||||
|
||||
foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
|
||||
if ( ! isset( $post_data[ $field ] ) ) {
|
||||
$post_data[ $field ] = $post->$field;
|
||||
}
|
||||
}
|
||||
|
||||
$post_data['ID'] = $post_ID;
|
||||
$post_data['post_ID'] = $post_ID;
|
||||
|
||||
$post_data = _wp_translate_postdata( true, $post_data );
|
||||
if ( is_wp_error( $post_data ) ) {
|
||||
$skipped[] = $post_ID;
|
||||
continue;
|
||||
}
|
||||
|
||||
$updated[] = wp_update_post( $post_data );
|
||||
|
||||
if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
|
||||
|
|
@ -569,10 +609,6 @@ function wp_write_post() {
|
|||
if ( isset( $_POST['post_ID'] ) )
|
||||
return edit_post();
|
||||
|
||||
$translated = _wp_translate_postdata( false );
|
||||
if ( is_wp_error($translated) )
|
||||
return $translated;
|
||||
|
||||
if ( isset($_POST['visibility']) ) {
|
||||
switch ( $_POST['visibility'] ) {
|
||||
case 'public' :
|
||||
|
|
@ -589,6 +625,10 @@ function wp_write_post() {
|
|||
}
|
||||
}
|
||||
|
||||
$translated = _wp_translate_postdata( false );
|
||||
if ( is_wp_error($translated) )
|
||||
return $translated;
|
||||
|
||||
// Create the post.
|
||||
$post_ID = wp_insert_post( $_POST );
|
||||
if ( is_wp_error( $post_ID ) )
|
||||
|
|
|
|||
Loading…
Reference in New Issue