Ticket #4404 (closed defect (bug): fixed)

Opened 5 years ago

Last modified 5 years ago

Add 'edit_posts' capability check to metaWeblog.newPost in XML-RPC

Reported by: josephscott Owned by: anonymous
Priority: normal Milestone: 2.2.1
Component: XML-RPC Version: 2.2
Severity: normal Keywords:
Cc:

Description

A user with the role of Contributor should be allowed to save a post, but not publish one. The metaWeblog.newPost method was not correctly checking this.

The attached diff corrects this issue.

This problem was discovered by Wei-Yeh Lee.

Attachments

xmlrpc.php-diff Download (544 bytes) - added by josephscott 5 years ago.

Change History

josephscott5 years ago

comment:1   ryan5 years ago

  • Version set to 2.2

+1 for 2.2 and trunk

comment:2   ryan5 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [5650]) Add 'edit_posts' capability check to metaWeblog.newPost. Props Joseph Scott and Wei-Yeh Lee. fixes #4404 for 2.2

comment:3   ryan5 years ago

(In [5651]) Add 'edit_posts' capability check to metaWeblog.newPost. Props Joseph Scott and Wei-Yeh Lee. fixes #4404 for 2.3

Note: See TracTickets for help on using tickets.