WordPress.org

Make WordPress Core

Ticket #20745: 20745.patch

File 20745.patch, 6.8 KB (added by Viper007Bond, 6 years ago)
  • wp-admin/includes/class-wp-comments-list-table.php

     
    485485                        $pending_comments = $this->pending_count[$post->ID] = $_pending_count_temp[$post->ID];
    486486                }
    487487
    488                 if ( current_user_can( 'edit_post', $post->ID ) ) {
     488                if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) ) {
    489489                        $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
    490490                        $post_link .= get_the_title( $post->ID ) . '</a>';
    491491                } else {
  • wp-admin/includes/class-wp-media-list-table.php

     
    162162                $alt = '';
    163163
    164164                while ( have_posts() ) : the_post();
    165                         $user_can_edit = current_user_can( 'edit_post', $post->ID );
     165                        $user_can_edit = current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID );
    166166
    167167                        if ( $this->is_trash && $post->post_status != 'trash'
    168168                        ||  !$this->is_trash && $post->post_status == 'trash' )
     
    355355                $actions = array();
    356356
    357357                if ( $this->detached ) {
    358                         if ( current_user_can( 'edit_post', $post->ID ) )
     358                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
    359359                                $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
    360                         if ( current_user_can( 'delete_post', $post->ID ) )
     360                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->delete_post, $post->ID ) )
    361361                                if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
    362362                                        $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
    363363                                } else {
     
    365365                                        $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
    366366                                }
    367367                        $actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
    368                         if ( current_user_can( 'edit_post', $post->ID ) )
     368                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
    369369                                $actions['attach'] = '<a href="#the-list" onclick="findPosts.open( \'media[]\',\''.$post->ID.'\' );return false;" class="hide-if-no-js">'.__( 'Attach' ).'</a>';
    370370                }
    371371                else {
    372                         if ( current_user_can( 'edit_post', $post->ID ) && !$this->is_trash )
     372                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) && !$this->is_trash )
    373373                                $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
    374                         if ( current_user_can( 'delete_post', $post->ID ) ) {
     374                        if ( current_user_can( get_post_type_object( $post->post_type )->cap->delete_post, $post->ID ) ) {
    375375                                if ( $this->is_trash )
    376376                                        $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$post->ID", 'untrash-attachment_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
    377377                                elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )
  • wp-admin/media.php

     
    1919        $attachment_id = (int) $_POST['attachment_id'];
    2020        check_admin_referer('media-form');
    2121
    22         if ( !current_user_can('edit_post', $attachment_id) )
     22        if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $attachment_id ) )
    2323                wp_die ( __('You are not allowed to edit this attachment.') );
    2424
    2525        $errors = media_upload_form_handler();
     
    5353        }
    5454        $att_id = (int) $_GET['attachment_id'];
    5555
    56         if ( !current_user_can('edit_post', $att_id) )
     56        if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $att_id ) )
    5757                wp_die ( __('You are not allowed to edit this attachment.') );
    5858
    5959        $att = get_post($att_id);
  • wp-admin/revision.php

     
    2121
    2222switch ( $action ) :
    2323case 'restore' :
    24         if ( !$revision = wp_get_post_revision( $revision_id ) )
     24        if ( ! $revision = wp_get_post_revision( $revision_id ) )
    2525                break;
    26         if ( !current_user_can( 'edit_post', $revision->post_parent ) )
     26        if ( ! $post = get_post( $revision->post_parent ) )
    2727                break;
    28         if ( !$post = get_post( $revision->post_parent ) )
     28        if ( ! current_user_can( get_post_type_object( $post->post_type )->cap->edit_post, $post->ID ) )
    2929                break;
    3030
    3131        // Revisions disabled and we're not looking at an autosave
     
    4545        if ( !$right_revision = get_post( $right ) )
    4646                break;
    4747
    48         if ( !current_user_can( 'read_post', $left_revision->ID ) || !current_user_can( 'read_post', $right_revision->ID ) )
     48        if ( ! current_user_can( get_post_type_object( $left_revision->post_type )->cap->read_post, $left_revision->ID ) || ! current_user_can( get_post_type_object( $right_revision->post_type )->cap->read_post, , $right_revision->ID ) )
    4949                break;
    5050
    5151        // If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
     
    108108        if ( !$post = get_post( $revision->post_parent ) )
    109109                break;
    110110
    111         if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
     111        if ( ! current_user_can( get_post_type_object( $revision->post_type )->cap->read_post, $revision->ID ) || ! current_user_can( get_post_type_object( $post->post_type )->cap->read_post, $post->ID ) )
    112112                break;
    113113
    114114        // Revisions disabled and we're not looking at an autosave
  • wp-admin/upload.php

     
    5858                                return;
    5959
    6060                        $parent = &get_post( $parent_id );
    61                         if ( !current_user_can( 'edit_post', $parent_id ) )
     61                        if ( ! current_user_can( get_post_type_object( $parent->post_type )->cap->edit_post, $parent_id ) )
    6262                                wp_die( __( 'You are not allowed to edit this post.' ) );
    6363
    6464                        $attach = array();
    6565                        foreach ( (array) $_REQUEST['media'] as $att_id ) {
    6666                                $att_id = (int) $att_id;
    6767
    68                                 if ( !current_user_can( 'edit_post', $att_id ) )
     68                                if ( ! current_user_can( get_post_type_object( 'attachment' )->cap->edit_post, $att_id ) )
    6969                                        continue;
    7070
    7171                                $attach[] = $att_id;