Quick Edit can unintentionally alter post author
Reported by: sojweb | Owned by: sojweb
Severity: normal | Keywords: has-patch 2nd-opinion needs-testing
If a user authors a post, and that user's role is later switched to something that doesn't have edit capabilities, using quick edit on their post will switch the author to a different user. This shouldn't happen.
- Create a test user with edit privileges
- Create post and set that user as the author
- Change that user's role to Subscriber
- Do a quick edit on the user's post
- The author of that post is always set to the user who did the quick edit
The problem is that, if the user no longer has edit privileges, they are left off the dropdown list of authors, but the blank field is filled in with the current user in _wp_translate_postdata(). The solution is a simple check in admin-ajax.php that fills in the field with the post author if it is blank.
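The defaulting behaviour and the guard described in this report, modeled as a stand-alone added example; it is not the ticket's patch or WordPress core code. Every function name, the user table and the post record below are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not WordPress code. All names and data are hypothetical.

// Models the defaulting the report attributes to _wp_translate_postdata():
// a blank author field is filled in with the user performing the edit.
function translate_postdata(array $form, int $current_user_id): array {
    if (empty($form['post_author'])) {
        $form['post_author'] = $current_user_id;
    }
    return $form;
}

// Models the author dropdown: a user without edit capability is not listed,
// so the submitted field comes back blank for their posts.
function author_dropdown_value(array $post, array $users): string {
    $author = $users[$post['post_author']] ?? null;
    return ($author && $author['can_edit']) ? (string) $post['post_author'] : '';
}

// The guard described in the report: if the submitted author is blank,
// restore the stored author before the translation step runs.
function preserve_author(array $form, array $stored_post): array {
    if (empty($form['post_author'])) {
        $form['post_author'] = $stored_post['post_author'];
    }
    return $form;
}

function quick_edit(array $stored, array $form, int $current_user_id, bool $guard): array {
    if ($guard) {
        $form = preserve_author($form, $stored);
    }
    // Submitted fields overwrite the stored ones.
    return array_merge($stored, translate_postdata($form, $current_user_id));
}

// Constructed sample data: user 7 wrote the post and was later demoted.
$users = [
    1 => ['name' => 'admin',   'can_edit' => true],
    7 => ['name' => 'demoted', 'can_edit' => false],
];
$post = ['ID' => 42, 'post_title' => 'Hello', 'post_author' => 7];
$form = ['post_title' => 'Hello (edited)',
         'post_author' => author_dropdown_value($post, $users)];

printf("without guard: author=%d\n", quick_edit($post, $form, 1, false)['post_author']);
printf("with guard:    author=%d\n", quick_edit($post, $form, 1, true)['post_author']);
```

The same check is worth applying to any save path that treats a missing ownership field as "assign to the current user", since a blank value there can come from the form simply not offering the stored owner.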
Change History (7)
- Keywords 2nd-opinion added; changes author removed
- Milestone changed from Unassigned to 2.8
- Version set to 2.7