Ticket #24916: 24916.diff
File 24916.diff, 3.9 KB (added by , 10 years ago) |
---|
-
src/wp-includes/class-wp-xmlrpc-server.php
4790 4790 $post_author = $postdata['post_author']; 4791 4791 4792 4792 // Only set the post_author if one is set. 4793 if ( isset($content_struct['wp_author_id']) && ($user->ID != $content_struct['wp_author_id']) ) { 4794 switch ( $post_type ) { 4795 case 'post': 4796 if ( !current_user_can('edit_others_posts') ) 4797 return(new IXR_Error(401, __('You are not allowed to change the post author as this user.'))); 4798 break; 4799 case 'page': 4800 if ( !current_user_can('edit_others_pages') ) 4801 return(new IXR_Error(401, __('You are not allowed to change the page author as this user.'))); 4802 break; 4803 default: 4804 return(new IXR_Error(401, __('Invalid post type'))); 4805 break; 4793 if ( isset( $content_struct['wp_author_id'] ) ) { 4794 // Check permissions if attempting to switch author to or from another user 4795 if ( $user->ID != $content_struct['wp_author_id'] || $user->ID != $post_author ) { 4796 switch ( $post_type ) { 4797 case 'post': 4798 if ( ! current_user_can('edit_others_posts') ) { 4799 return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) ); 4800 } 4801 break; 4802 case 'page': 4803 if ( ! current_user_can('edit_others_pages') ){ 4804 return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) ); 4805 } 4806 break; 4807 default: 4808 return new IXR_Error( 401, __( 'Invalid post type' ) ); 4809 break; 4810 } 4811 4812 $post_author = $content_struct['wp_author_id']; 4806 4813 } 4807 $post_author = $content_struct['wp_author_id'];4808 4814 } 4809 4815 4810 4816 if ( isset($content_struct['mt_allow_comments']) ) { -
tests/phpunit/tests/xmlrpc/mw/editPost.php
95 95 $this->assertEquals( $contributor_id, $out->post_author ); 96 96 } 97 97 98 /** 99 * @ticket 24916 100 */ 101 function test_capable_reassign_author_to_self() { 102 $contributor_id = $this->make_user_by_role( 'contributor' ); 103 $editor_id = $this->make_user_by_role( 'editor' ); 104 105 $post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id ); 106 $post_id = wp_insert_post( $post ); 107 108 $post2 = array( 'wp_author_id' => $editor_id ); 109 $result = $this->myxmlrpcserver->mw_editPost( array( $post_id, 'editor', 'editor', $post2 ) ); 110 $this->assertNotInstanceOf( 'IXR_Error', $result ); 111 $this->assertTrue($result); 112 113 $out = get_post( $post_id ); 114 $this->assertEquals( $editor_id, $out->post_author ); 115 } 116 98 117 function test_post_thumbnail() { 99 118 add_theme_support( 'post-thumbnails' ); 100 119 -
tests/phpunit/tests/xmlrpc/wp/editPost.php
95 95 $this->assertEquals( $contributor_id, $out->post_author ); 96 96 } 97 97 98 /** 99 * @ticket 24916 100 */ 101 function test_capable_reassign_author_to_self() { 102 $contributor_id = $this->make_user_by_role( 'contributor' ); 103 $editor_id = $this->make_user_by_role( 'editor' ); 104 105 $post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id ); 106 $post_id = wp_insert_post( $post ); 107 108 $post2 = array( 'post_author' => $editor_id ); 109 $result = $this->myxmlrpcserver->wp_editPost( array( 1, 'editor', 'editor', $post_id, $post2 ) ); 110 $this->assertNotInstanceOf( 'IXR_Error', $result ); 111 $this->assertTrue($result); 112 113 $out = get_post( $post_id ); 114 $this->assertEquals( $editor_id, $out->post_author ); 115 } 116 98 117 function test_post_thumbnail() { 99 118 add_theme_support( 'post-thumbnails' ); 100 119