Ticket #13905: 13905.4.diff
File 13905.4.diff, 2.9 KB (added by , 9 years ago) |
---|
-
src/wp-includes/capabilities.php
1144 1144 case 'delete_post': 1145 1145 case 'delete_page': 1146 1146 $post = get_post( $args[0] ); 1147 if ( ! $post ) { 1148 $caps[] = 'do_not_allow'; 1149 break; 1150 } 1147 1151 1148 1152 if ( 'revision' == $post->post_type ) { 1149 1153 $post = get_post( $post->post_parent ); 1154 if ( ! $post ) { 1155 $caps[] = 'do_not_allow'; 1156 break; 1157 } 1150 1158 } 1151 1159 1152 1160 $post_type = get_post_type_object( $post->post_type ); … … 1188 1196 case 'edit_post': 1189 1197 case 'edit_page': 1190 1198 $post = get_post( $args[0] ); 1191 if ( empty( $post )) {1199 if ( ! $post ) { 1192 1200 $caps[] = 'do_not_allow'; 1193 1201 break; 1194 1202 } 1195 1203 1196 1204 if ( 'revision' == $post->post_type ) { 1197 1205 $post = get_post( $post->post_parent ); 1206 if ( ! $post ) { 1207 $caps[] = 'do_not_allow'; 1208 break; 1209 } 1198 1210 } 1199 1211 1200 1212 $post_type = get_post_type_object( $post->post_type ); … … 1234 1246 case 'read_post': 1235 1247 case 'read_page': 1236 1248 $post = get_post( $args[0] ); 1249 if ( ! $post ) { 1250 $caps[] = 'do_not_allow'; 1251 break; 1252 } 1237 1253 1238 1254 if ( 'revision' == $post->post_type ) { 1239 1255 $post = get_post( $post->post_parent ); 1256 if ( ! $post ) { 1257 $caps[] = 'do_not_allow'; 1258 break; 1259 } 1240 1260 } 1241 1261 1242 1262 $post_type = get_post_type_object( $post->post_type ); … … 1265 1285 break; 1266 1286 case 'publish_post': 1267 1287 $post = get_post( $args[0] ); 1288 if ( ! $post ) { 1289 $caps[] = 'do_not_allow'; 1290 break; 1291 } 1292 1268 1293 $post_type = get_post_type_object( $post->post_type ); 1269 1294 1270 1295 $caps[] = $post_type->cap->publish_posts; … … 1273 1298 case 'delete_post_meta': 1274 1299 case 'add_post_meta': 1275 1300 $post = get_post( $args[0] ); 1301 if ( ! $post ) { 1302 $caps[] = 'do_not_allow'; 1303 break; 1304 } 1305 1276 1306 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 1277 1307 1278 1308 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; … … 1302 1332 break; 1303 1333 case 'edit_comment': 1304 1334 $comment = get_comment( $args[0] ); 1305 if ( empty( $comment ) ) 1335 if ( ! $comment ) { 1336 $caps[] = 'do_not_allow'; 1306 1337 break; 1338 } 1339 1307 1340 $post = get_post( $comment->comment_post_ID ); 1341 if ( ! $post ) { 1342 $caps[] = 'do_not_allow'; 1343 break; 1344 } 1345 1308 1346 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 1309 1347 break; 1310 1348 case 'unfiltered_upload': -
tests/phpunit/tests/user/mapMetaCap.php
37 37 parent::tearDown(); 38 38 } 39 39 40 /** 41 * @ticket 13905 42 */ 43 function test_capability_type_post_with_invalid_id() { 44 $this->assertEquals( array( 'do_not_allow' ), 45 map_meta_cap( 'edit_post', $this->user_id, $this->post_id + 1 ) ); 46 } 47 40 48 function test_capability_type_post_with_no_extra_caps() { 41 49 42 50 register_post_type( $this->post_type, array(