Revisions should require same caps as parents for read/edit/delete
|Reported by:||ejdanderson||Owned by:||markjaquith|
Description (last modified by aaroncampbell)
wp_post_revision_title is displaying the post edit link based off of a user's edit_post capability for the revision post type, not it's parent's post type.
The issue resides in the get_edit_post_link method, where it checks on the given post type's capability.
I've attached a simple fix.
EDIT: It seems that revisions always use (read|edit|delete)_post for cap checks even if the post-type of their parent uses something custom. This results in users that are able to read/edit/delete revisions of posts that they don't have caps to read/edit/delete
Change History (13)
comment:7 aaroncampbell — 2 years ago
- Description modified (diff)
- Summary changed from wp_post_revision_title capabilities to Revisions should require same caps as parents for read/edit/delete