WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add a create_posts check to _wp_translate_postdata(). Move the edit_post check to the top of the function. 

Props nacin
fixes #22417


git-svn-id: http://core.svn.wordpress.org/trunk@22950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2012-11-30 14:03:47 +00:00
parent 0924e6facd
commit ea3e47bc08
1 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
wp-admin/includes/post.php
View File

@ -26,6 +26,20 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
if ( $update ) if ( $update )
$post_data['ID'] = (int) $post_data['post_ID']; $post_data['ID'] = (int) $post_data['post_ID'];
$ptype = get_post_type_object( $post_data['post_type'] );
if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
} elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
}
if ( isset( $post_data['content'] ) ) if ( isset( $post_data['content'] ) )
$post_data['post_content'] = $post_data['content']; $post_data['post_content'] = $post_data['content'];
@ -51,26 +65,14 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
} }
} }
$ptype = get_post_type_object( $post_data['post_type'] ); if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) { && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( $update ) {
if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) { if ( 'page' == $post_data['post_type'] )
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
} else {
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
}
}
} else {
if ( ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
} else { else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
} }
}
}
}
// What to do based on which button they pressed // What to do based on which button they pressed
if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] ) if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] )