Ticket #13905: check-object-existence-in-caps-logic.13905.diff
File check-object-existence-in-caps-logic.13905.diff, 9.5 KB (added by , 15 years ago) |
wp-includes/capabilities.php
819 819 break; 820 820 case 'delete_post': 821 821 $author_data = get_userdata( $user_id ); 822 //echo "post ID: {$args[0]}<br />";823 822 $post = get_post( $args[0] ); 824 $post_type = get_post_type_object( $post->post_type ); 825 if ( $post_type && 'post' != $post_type->capability_type ) { 826 $args = array_merge( array( $post_type->cap->delete_post, $user_id ), $args ); 827 return call_user_func_array( 'map_meta_cap', $args ); 828 } 823 if ( ! empty( $post->ID ) ) { 824 $post_type = get_post_type_object( $post->post_type ); 825 if ( $post_type && 'post' != $post_type->capability_type ) { 826 $args = array_merge( array( $post_type->cap->delete_post, $user_id ), $args ); 827 return call_user_func_array( 'map_meta_cap', $args ); 828 } 829 829 830 if ( '' != $post->post_author ) {831 $post_author_data = get_userdata( $post->post_author );832 } else {833 //No author set yet so default to current user for cap checks834 $post_author_data = $author_data;835 }830 if ( '' != $post->post_author ) { 831 $post_author_data = get_userdata( $post->post_author ); 832 } else { 833 //No author set yet so default to current user for cap checks 834 $post_author_data = $author_data; 835 } 836 836 837 // If the user is the author... 838 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 839 // If the post is published... 840 if ( 'publish' == $post->post_status ) { 841 $caps[] = 'delete_published_posts'; 842 } elseif ( 'trash' == $post->post_status ) { 843 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 837 // If the user is the author... 838 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 839 // If the post is published... 
840 if ( 'publish' == $post->post_status ) { 844 841 $caps[] = 'delete_published_posts'; 842 } elseif ( 'trash' == $post->post_status ) { 843 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 844 $caps[] = 'delete_published_posts'; 845 } else { 846 // If the post is draft... 847 $caps[] = 'delete_posts'; 848 } 845 849 } else { 846 // If the post is draft... 847 $caps[] = 'delete_posts'; 850 // The user is trying to edit someone else's post. 851 $caps[] = 'delete_others_posts'; 852 // The post is published, extra cap required. 853 if ( 'publish' == $post->post_status ) 854 $caps[] = 'delete_published_posts'; 855 elseif ( 'private' == $post->post_status ) 856 $caps[] = 'delete_private_posts'; 848 857 } 849 } else {850 // The user is trying to edit someone else's post.851 $caps[] = 'delete_others_posts';852 // The post is published, extra cap required.853 if ( 'publish' == $post->post_status )854 $caps[] = 'delete_published_posts';855 elseif ( 'private' == $post->post_status )856 $caps[] = 'delete_private_posts';857 858 } 858 859 break; 859 860 case 'delete_page': … … 896 897 // edit_others_posts 897 898 case 'edit_post': 898 899 $author_data = get_userdata( $user_id ); 899 //echo "post ID: {$args[0]}<br />";900 900 $post = get_post( $args[0] ); 901 $post_type = get_post_type_object( $post->post_type ); 902 if ( $post_type && 'post' != $post_type->capability_type ) { 903 $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args ); 904 return call_user_func_array( 'map_meta_cap', $args ); 905 } 906 $post_author_data = get_userdata( $post->post_author ); 907 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />"; 908 // If the user is the author... 909 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 910 // If the post is published... 
911 if ( 'publish' == $post->post_status ) { 912 $caps[] = 'edit_published_posts'; 913 } elseif ( 'trash' == $post->post_status ) { 914 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 901 if ( ! empty( $post->ID ) ) { 902 $post_type = get_post_type_object( $post->post_type ); 903 if ( $post_type && 'post' != $post_type->capability_type ) { 904 $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args ); 905 return call_user_func_array( 'map_meta_cap', $args ); 906 } 907 $post_author_data = get_userdata( $post->post_author ); 908 909 // If the user is the author... 910 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 911 // If the post is published... 912 if ( 'publish' == $post->post_status ) { 915 913 $caps[] = 'edit_published_posts'; 914 } elseif ( 'trash' == $post->post_status ) { 915 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 916 $caps[] = 'edit_published_posts'; 917 } else { 918 // If the post is draft... 919 $caps[] = 'edit_posts'; 920 } 916 921 } else { 917 // If the post is draft... 918 $caps[] = 'edit_posts'; 922 // The user is trying to edit someone else's post. 923 $caps[] = 'edit_others_posts'; 924 // The post is published, extra cap required. 
925 if ( 'publish' == $post->post_status ) 926 $caps[] = 'edit_published_posts'; 927 elseif ( 'private' == $post->post_status ) 928 $caps[] = 'edit_private_posts'; 919 929 } 920 } else {921 // The user is trying to edit someone else's post.922 $caps[] = 'edit_others_posts';923 // The post is published, extra cap required.924 if ( 'publish' == $post->post_status )925 $caps[] = 'edit_published_posts';926 elseif ( 'private' == $post->post_status )927 $caps[] = 'edit_private_posts';928 930 } 929 931 break; 930 932 case 'edit_page': 931 933 $author_data = get_userdata( $user_id ); 932 //echo "post ID: {$args[0]}<br />";933 934 $page = get_page( $args[0] ); 934 $page_author_data = get_userdata( $page->post_author ); 935 //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />"; 936 // If the user is the author... 937 if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID ) { 938 // If the page is published... 939 if ( 'publish' == $page->post_status ) { 940 $caps[] = 'edit_published_pages'; 941 } elseif ( 'trash' == $page->post_status ) { 942 if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) ) 935 if ( ! empty( $page->ID ) ) { 936 $page_author_data = get_userdata( $page->post_author ); 937 938 // If the user is the author... 939 if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID ) { 940 // If the page is published... 941 if ( 'publish' == $page->post_status ) { 943 942 $caps[] = 'edit_published_pages'; 943 } elseif ( 'trash' == $page->post_status ) { 944 if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) ) 945 $caps[] = 'edit_published_pages'; 946 } else { 947 // If the page is draft... 948 $caps[] = 'edit_pages'; 949 } 944 950 } else { 945 // If the page is draft... 946 $caps[] = 'edit_pages'; 951 // The user is trying to edit someone else's page. 952 $caps[] = 'edit_others_pages'; 953 // The page is published, extra cap required. 
954 if ( 'publish' == $page->post_status ) 955 $caps[] = 'edit_published_pages'; 956 elseif ( 'private' == $page->post_status ) 957 $caps[] = 'edit_private_pages'; 947 958 } 948 } else {949 // The user is trying to edit someone else's page.950 $caps[] = 'edit_others_pages';951 // The page is published, extra cap required.952 if ( 'publish' == $page->post_status )953 $caps[] = 'edit_published_pages';954 elseif ( 'private' == $page->post_status )955 $caps[] = 'edit_private_pages';956 959 } 957 960 break; 958 961 case 'read_post': 959 962 $post = get_post( $args[0] ); 960 $post_type = get_post_type_object( $post->post_type ); 961 if ( $post_type && 'post' != $post_type->capability_type ) { 962 $args = array_merge( array( $post_type->cap->read_post, $user_id ), $args ); 963 return call_user_func_array( 'map_meta_cap', $args ); 964 } 963 if ( ! empty( $post->ID ) ) { 964 $post_type = get_post_type_object( $post->post_type ); 965 if ( $post_type && 'post' != $post_type->capability_type ) { 966 $args = array_merge( array( $post_type->cap->read_post, $user_id ), $args ); 967 return call_user_func_array( 'map_meta_cap', $args ); 968 } 965 969 966 if ( 'private' != $post->post_status ) { 967 $caps[] = 'read'; 968 break; 970 if ( 'private' != $post->post_status ) { 971 $caps[] = 'read'; 972 break; 973 } 974 975 $author_data = get_userdata( $user_id ); 976 $post_author_data = get_userdata( $post->post_author ); 977 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) 978 $caps[] = 'read'; 979 else 980 $caps[] = 'read_private_posts'; 969 981 } 970 971 $author_data = get_userdata( $user_id );972 $post_author_data = get_userdata( $post->post_author );973 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )974 $caps[] = 'read';975 else976 $caps[] = 'read_private_posts';977 982 break; 978 983 case 'read_page': 979 984 $page = get_page( $args[0] ); 985 if ( ! 
empty( $page->ID ) ) { 980 986 981 if ( 'private' != $page->post_status ) { 982 $caps[] = 'read'; 983 break; 987 if ( 'private' != $page->post_status ) { 988 $caps[] = 'read'; 989 break; 990 } 991 992 $author_data = get_userdata( $user_id ); 993 $page_author_data = get_userdata( $page->post_author ); 994 if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID ) 995 $caps[] = 'read'; 996 else 997 $caps[] = 'read_private_pages'; 984 998 } 985 986 $author_data = get_userdata( $user_id );987 $page_author_data = get_userdata( $page->post_author );988 if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID )989 $caps[] = 'read';990 else991 $caps[] = 'read_private_pages';992 999 break; 993 1000 case 'unfiltered_upload': 994 1001 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin() ) )
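Review bot: The new `if ( ! empty( $post->ID ) )` / `if ( ! empty( $page->ID ) )` guards in the delete_post, edit_post, edit_page, read_post and read_page cases have no else branch, so for an ID that does not resolve the switch now reaches `break;` without appending anything to `$caps`, whereas the old code still demanded at least `delete_posts`, `edit_posts`/`edit_pages` or `read` in that situation. If, as I believe from the caller in capabilities.php (not in this hunk), has_cap treats an empty mapped-caps list as "nothing required", a call like `current_user_can( 'edit_post', $bogus_id )` would now succeed for any logged-in user, which is a fail-open on exactly the input this patch is trying to harden. Each guard should fall through to a capability that no role is ever granted so a missing object fails closed, e.g. `} else { $caps[] = 'do_not_allow'; }` before each `break;`, and the same applies to the two `$page` guards. `map_meta_cap` begins before this hunk and its switch continues after it, so the initial value of `$caps` and the final `return` are not visible here and the above should be confirmed against them.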