Ticket #13905: 13905.diff
File 13905.diff, 2.8 KB (added by , 9 years ago) |
---|
-
src/wp-includes/capabilities-functions.php
47 47 case 'delete_post': 48 48 case 'delete_page': 49 49 $post = get_post( $args[0] ); 50 if ( ! $post ) { 51 $caps[] = 'do_not_allow'; 52 break; 53 } 50 54 51 55 if ( 'revision' == $post->post_type ) { 52 56 $post = get_post( $post->post_parent ); 57 if ( ! $post ) { 58 $caps[] = 'do_not_allow'; 59 break; 60 } 53 61 } 54 62 55 63 $post_type = get_post_type_object( $post->post_type ); … … 97 105 case 'edit_post': 98 106 case 'edit_page': 99 107 $post = get_post( $args[0] ); 100 if ( empty( $post )) {108 if ( ! $post ) { 101 109 $caps[] = 'do_not_allow'; 102 110 break; 103 111 } … … 104 112 105 113 if ( 'revision' == $post->post_type ) { 106 114 $post = get_post( $post->post_parent ); 115 if ( ! $post ) { 116 $caps[] = 'do_not_allow'; 117 break; 118 } 107 119 } 108 120 109 121 $post_type = get_post_type_object( $post->post_type ); … … 149 161 case 'read_post': 150 162 case 'read_page': 151 163 $post = get_post( $args[0] ); 164 if ( ! $post ) { 165 $caps[] = 'do_not_allow'; 166 break; 167 } 152 168 153 169 if ( 'revision' == $post->post_type ) { 154 170 $post = get_post( $post->post_parent ); 171 if ( ! $post ) { 172 $caps[] = 'do_not_allow'; 173 break; 174 } 155 175 } 156 176 157 177 $post_type = get_post_type_object( $post->post_type ); … … 186 206 break; 187 207 case 'publish_post': 188 208 $post = get_post( $args[0] ); 209 if ( ! $post ) { 210 $caps[] = 'do_not_allow'; 211 break; 212 } 213 189 214 $post_type = get_post_type_object( $post->post_type ); 190 215 if ( ! $post_type ) { 191 216 /* translators: 1: post type, 2: capability name */ … … 200 225 case 'delete_post_meta': 201 226 case 'add_post_meta': 202 227 $post = get_post( $args[0] ); 228 if ( ! $post ) { 229 $caps[] = 'do_not_allow'; 230 break; 231 } 232 203 233 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 204 234 205 235 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; … … 229 259 break; 230 260 case 'edit_comment': 231 261 $comment = get_comment( $args[0] ); 232 if ( empty( $comment ) ) 262 if ( ! $comment ) { 263 $caps[] = 'do_not_allow'; 233 264 break; 265 } 266 234 267 $post = get_post( $comment->comment_post_ID ); 235 268 236 269 /* -
tests/phpunit/tests/user/mapMetaCap.php
37 37 parent::tearDown(); 38 38 } 39 39 40 /** 41 * @ticket 13905 42 */ 43 function test_capability_type_post_with_invalid_id() { 44 $this->assertEquals( array( 'do_not_allow' ), 45 map_meta_cap( 'edit_post', $this->user_id, $this->post_id + 1 ) ); 46 } 47 40 48 function test_capability_type_post_with_no_extra_caps() { 41 49 42 50 register_post_type( $this->post_type, array(