* Avoid notices in `tests/ajax/Autosave` by bailing early when `get_post()` returns nothing.
* Check for the existence of `$_POST['catslist']` before using it in `wp_ajax_autosave()`. See #25282. Built from https://develop.svn.wordpress.org/trunk@25430 git-svn-id: http://core.svn.wordpress.org/trunk@25354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
a93aa0cb5c
commit
e8c656a045
|
@ -1047,7 +1047,8 @@ function wp_ajax_autosave() {
|
|||
|
||||
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||
|
||||
$_POST['post_category'] = explode(",", $_POST['catslist']);
|
||||
if ( ! empty( $_POST['catslist'] ) )
|
||||
$_POST['post_category'] = explode( ',', $_POST['catslist'] );
|
||||
if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
|
||||
unset( $_POST['post_category'] );
|
||||
|
||||
|
@ -1058,17 +1059,15 @@ function wp_ajax_autosave() {
|
|||
$post_id = (int) $_POST['post_id'];
|
||||
$_POST['ID'] = $_POST['post_ID'] = $post_id;
|
||||
$post = get_post( $post_id );
|
||||
if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )
|
||||
wp_die( __( 'You are not allowed to edit this post.' ) );
|
||||
|
||||
if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) )
|
||||
wp_die( __( 'You are not allowed to edit this page.' ) );
|
||||
|
||||
if ( 'auto-draft' == $post->post_status )
|
||||
$_POST['post_status'] = 'draft';
|
||||
|
||||
if ( 'page' == $post->post_type ) {
|
||||
if ( !current_user_can('edit_page', $post->ID) )
|
||||
wp_die( __( 'You are not allowed to edit this page.' ) );
|
||||
} else {
|
||||
if ( !current_user_can('edit_post', $post->ID) )
|
||||
wp_die( __( 'You are not allowed to edit this post.' ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['autosave'] ) ) {
|
||||
if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
|
||||
// Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
|
||||
|
|
Loading…
Reference in New Issue