Ticket #16847: 16847.diff

File 16847.diff, 2.1 KB (added by adamsilverstein, 9 years ago)

match cap checks in revisions to cap check used in edit

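--- a/wp-admin/revision.php
+++ b/wp-admin/revision.php
@@ -23,10 +23,12 @@
 case 'restore' :
         if ( !$revision = wp_get_post_revision( $revision_id ) )
                 break;
-        if ( !current_user_can( 'edit_post', $revision->post_parent ) )
+        if ( ! $post = get_post( $revision->post_parent ) )
                 break;
-        if ( !$post = get_post( $revision->post_parent ) )
+        if ( ! $post_type_object = get_post_type_object( $post->post_type ))
                 break;
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $revision->post_parent ) )
+                break;
 
         // Revisions disabled and we're not looking at an autosave
         if ( ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') ) && !wp_is_post_autosave( $revision ) ) {
@@ -44,9 +46,12 @@
                 break;
         if ( !$right_revision = get_post( $right ) )
                 break;
-
-        if ( !current_user_can( 'read_post', $left_revision->ID ) || !current_user_can( 'read_post', $right_revision->ID ) )
+        if ( ! $post = get_post( $revision->post_parent ) )
                 break;
+        if ( ! $post_type_object = get_post_type_object( $post->post_type ))
+                break;
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $left_revision->ID ) || ! current_user_can( $post_type_object->cap->edit_posts, $right_revision->ID ) )
+                break;
 
         // If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
         if ( $left_revision->ID == $right_revision->ID ) {
@@ -107,9 +112,10 @@
                 break;
         if ( !$post = get_post( $revision->post_parent ) )
                 break;
-
-        if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
+        if ( ! $post_type_object = get_post_type_object( $post->post_type ))
                 break;
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $revision->ID ) || ! current_user_can( $post_type_object->cap->edit_posts, $post->ID ) )
+                break;
 
         // Revisions disabled and we're not looking at an autosave
         if ( ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') ) && !wp_is_post_autosave( $revision ) ) {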
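Review bot: The new checks pass `$post_type_object->cap->edit_posts`, the post type's primitive capability, so the post ID given as the second argument is not consulted and the check is no longer per-post: in the 'restore' case (new line 30) a user who may edit posts of that type at all would pass, where the removed line required `edit_post` on the parent post. The per-object meta capability is `$post_type_object->cap->edit_post`, so the guard should read `if ( ! current_user_can( $post_type_object->cap->edit_post, $post->ID ) )`; the same applies at new lines 53 and 117, which replace the earlier `read_post` checks. Separately, new line 49 reads `$revision->post_parent`, but the visible lines of that case only assign `$left_revision` and `$right_revision`, so `$revision` looks unset or not an object there and the parent lookup probably should use `$left_revision->post_parent`. All three case bodies start and end outside the shown hunks, so this should be confirmed against the full file.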