Ticket #24916: 24916.2.diff
File 24916.2.diff, 3.9 KB (added by , 10 years ago) |
---|
-
src/wp-includes/class-wp-xmlrpc-server.php
4756 4756 $post_author = $postdata['post_author']; 4757 4757 4758 4758 // Only set the post_author if one is set. 4759 if ( isset($content_struct['wp_author_id']) && ($user->ID != $content_struct['wp_author_id']) ) { 4760 switch ( $post_type ) { 4761 case 'post': 4762 if ( !current_user_can('edit_others_posts') ) 4763 return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) ); 4764 break; 4765 case 'page': 4766 if ( !current_user_can('edit_others_pages') ) 4767 return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) ); 4768 break; 4769 default: 4770 return new IXR_Error( 401, __( 'Invalid post type' ) ); 4759 if ( isset( $content_struct['wp_author_id'] ) ) { 4760 // Check permissions if attempting to switch author to or from another user 4761 if ( $user->ID != $content_struct['wp_author_id'] || $user->ID != $post_author ) { 4762 switch ( $post_type ) { 4763 case 'post': 4764 if ( ! current_user_can('edit_others_posts') ) 4765 return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) ); 4766 break; 4767 case 'page': 4768 if ( ! current_user_can('edit_others_pages') ) 4769 return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) ); 4770 break; 4771 default: 4772 return new IXR_Error( 401, __( 'Invalid post type' ) ); 4773 } 4774 4775 $post_author = $content_struct['wp_author_id']; 4771 4776 } 4772 $post_author = $content_struct['wp_author_id'];4773 4777 } 4774 4778 4775 4779 if ( isset($content_struct['mt_allow_comments']) ) { -
tests/phpunit/tests/xmlrpc/mw/editPost.php
95 95 $this->assertEquals( $contributor_id, $out->post_author ); 96 96 } 97 97 98 /** 99 * @ticket 24916 100 */ 101 function test_capable_reassign_author_to_self() { 102 $contributor_id = $this->make_user_by_role( 'contributor' ); 103 $editor_id = $this->make_user_by_role( 'editor' ); 104 105 $post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id ); 106 $post_id = wp_insert_post( $post ); 107 108 $post2 = array( 'wp_author_id' => $editor_id ); 109 $result = $this->myxmlrpcserver->mw_editPost( array( $post_id, 'editor', 'editor', $post2 ) ); 110 $this->assertNotInstanceOf( 'IXR_Error', $result ); 111 $this->assertTrue($result); 112 113 $out = get_post( $post_id ); 114 $this->assertEquals( $editor_id, $out->post_author ); 115 } 116 98 117 function test_post_thumbnail() { 99 118 add_theme_support( 'post-thumbnails' ); 100 119 -
tests/phpunit/tests/xmlrpc/wp/editPost.php
95 95 $this->assertEquals( $contributor_id, $out->post_author ); 96 96 } 97 97 98 /** 99 * @ticket 24916 100 */ 101 function test_capable_reassign_author_to_self() { 102 $contributor_id = $this->make_user_by_role( 'contributor' ); 103 $editor_id = $this->make_user_by_role( 'editor' ); 104 105 $post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id ); 106 $post_id = wp_insert_post( $post ); 107 108 $post2 = array( 'post_author' => $editor_id ); 109 $result = $this->myxmlrpcserver->wp_editPost( array( 1, 'editor', 'editor', $post_id, $post2 ) ); 110 $this->assertNotInstanceOf( 'IXR_Error', $result ); 111 $this->assertTrue($result); 112 113 $out = get_post( $post_id ); 114 $this->assertEquals( $editor_id, $out->post_author ); 115 } 116 98 117 function test_post_thumbnail() { 99 118 add_theme_support( 'post-thumbnails' ); 100 119