Ticket #20745: 20745.patch

wp-admin/includes/class-wp-comments-list-table.php

@@ -485 +485 @@
                         $pending_comments = $this->pending_count[$post->ID] = $_pending_count_temp[$post->ID];
                 }
 
-                if ( current_user_can( 'edit_post', $post->ID ) ) {
+                if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) ) {
                         $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
                         $post_link .= get_the_title( $post->ID ) . '</a>';
                 } else {

wp-admin/includes/class-wp-media-list-table.php

@@ -162 +162 @@
                 $alt = '';
 
                 while ( have_posts() ) : the_post();
-                        $user_can_edit = current_user_can( 'edit_post', $post->ID );
+                        $user_can_edit = current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID );
 
                         if ( $this->is_trash && $post->post_status != 'trash'
                         ||  !$this->is_trash && $post->post_status == 'trash' )
@@ -355 +355 @@
                 $actions = array();
 
                 if ( $this->detached ) {
-                        if ( current_user_can( 'edit_post', $post->ID ) )
+                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
                                 $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
-                        if ( current_user_can( 'delete_post', $post->ID ) )
+                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->delete_post, $post->ID ) )
                                 if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
                                         $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
                                 } else {
@@ -365 +365 @@
                                         $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
                                 }
                         $actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
-                        if ( current_user_can( 'edit_post', $post->ID ) )
+                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
                                 $actions['attach'] = '<a href="#the-list" onclick="findPosts.open( \'media[]\',\''.$post->ID.'\' );return false;" class="hide-if-no-js">'.__( 'Attach' ).'</a>';
                 }
                 else {
-                        if ( current_user_can( 'edit_post', $post->ID ) && !$this->is_trash )
+                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) && !$this->is_trash )
                                 $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
-                        if ( current_user_can( 'delete_post', $post->ID ) ) {
+                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->delete_post, $post->ID ) ) {
                                 if ( $this->is_trash )
                                         $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$post->ID", 'untrash-attachment_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
                                 elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )

wp-admin/media.php

@@ -19 +19 @@
         $attachment_id = (int) $_POST['attachment_id'];
         check_admin_referer('media-form');
 
-        if ( !current_user_can('edit_post', $attachment_id) )
+        if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $attachment_id ) )
                 wp_die ( __('You are not allowed to edit this attachment.') );
 
         $errors = media_upload_form_handler();
@@ -53 +53 @@
         }
         $att_id = (int) $_GET['attachment_id'];
 
-        if ( !current_user_can('edit_post', $att_id) )
+        if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $att_id ) )
                 wp_die ( __('You are not allowed to edit this attachment.') );
 
         $att = get_post($att_id);

wp-admin/revision.php

@@ -21 +21 @@
 
 switch ( $action ) :
 case 'restore' :
-        if ( !$revision = wp_get_post_revision( $revision_id ) )
+        if ( ! $revision = wp_get_post_revision( $revision_id ) )
                 break;
-        if ( !current_user_can( 'edit_post', $revision->post_parent ) )
+        if ( ! $post = get_post( $revision->post_parent ) )
                 break;
-        if ( !$post = get_post( $revision->post_parent ) )
+        if ( ! current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
                 break;
 
         // Revisions disabled and we're not looking at an autosave
@@ -45 +45 @@
         if ( !$right_revision = get_post( $right ) )
                 break;
 
-        if ( !current_user_can( 'read_post', $left_revision->ID ) || !current_user_can( 'read_post', $right_revision->ID ) )
+        if ( ! current_user_can( get_post_type_object( $left_revision->post_type )->cap->read_post, $left_revision->ID ) || ! current_user_can( get_post_type_object( $right_revision->post_type )->cap->read_post, , $right_revision->ID ) )
                 break;
 
         // If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
@@ -108 +108 @@
         if ( !$post = get_post( $revision->post_parent ) )
                 break;
 
-        if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
+        if ( ! current_user_can( get_post_type_object( $revision->post_type )->cap->read_post, $revision->ID ) || ! current_user_can( get_post_type_object( $post->post_type )->cap->read_post, $post->ID ) )
                 break;
 
         // Revisions disabled and we're not looking at an autosave

wp-admin/upload.php

@@ -58 +58 @@
                                 return;
 
                         $parent = &get_post( $parent_id );
-                        if ( !current_user_can( 'edit_post', $parent_id ) )
+                        if ( ! current_user_can( get_post_type_object( $parent->post_type )->cap->edit_post, $parent_id ) )
                                 wp_die( __( 'You are not allowed to edit this post.' ) );
 
                         $attach = array();
                         foreach ( (array) $_REQUEST['media'] as $att_id ) {
                                 $att_id = (int) $att_id;
 
-                                if ( !current_user_can( 'edit_post', $att_id ) )
+                                if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $att_id ) )
                                         continue;
 
                                 $attach[] = $att_id;