Ticket #26409: manage-terms-cap-checks.patch
File manage-terms-cap-checks.patch, 4.7 KB (added by , 11 years ago) |
---|
-
src/wp-admin/includes/post.php
346 346 unset($post_data[$field]); 347 347 } 348 348 349 if ( isset($post_data['post_category']) ) { 350 if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) ) 349 $taxonomy_obj = get_taxonomy( 'category' ); 350 if ( $taxonomy_obj && isset( $post_data['post_category'] ) ) { 351 if ( is_array( $post_data['post_category'] ) && ! empty( $post_data['post_category'] ) ) { 351 352 $new_cats = array_map( 'absint', $post_data['post_category'] ); 352 else 353 unset($post_data['post_category']); 353 } 354 else { 355 unset( $post_data['post_category'] ); 356 } 354 357 } 355 358 356 359 $tax_input = array(); … … 403 406 $tax_names = get_object_taxonomies( $post ); 404 407 foreach ( $tax_names as $tax_name ) { 405 408 $taxonomy_obj = get_taxonomy($tax_name); 406 if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) 409 if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) { 407 410 $new_terms = $tax_input[$tax_name]; 408 else 411 if ( ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) { 412 $new_terms = wp_strip_new_terms( $new_terms, $tax_name ); 413 } 414 } 415 else { 409 416 $new_terms = array(); 417 } 410 418 411 419 if ( $taxonomy_obj->hierarchical ) 412 420 $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'ids') ); -
src/wp-includes/post.php
2906 2906 $wpdb->update( $wpdb->posts, array( 'post_name' => $data['post_name'] ), $where ); 2907 2907 } 2908 2908 2909 if ( is_object_in_taxonomy($post_type, 'category') ) 2909 $taxonomy_obj = get_taxonomy( 'category' ); 2910 if ( $taxonomy_obj && is_object_in_taxonomy( $post_type, $taxonomy_obj->name ) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) { 2911 if ( ! is_taxonomy_hierarchical( $taxonomy_obj->name ) && ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) { 2912 $post_category = wp_strip_new_terms( $post_category, $taxonomy_obj->name ); 2913 } 2910 2914 wp_set_post_categories( $post_ID, $post_category ); 2915 } 2911 2916 2912 if ( isset( $tags_input ) && is_object_in_taxonomy($post_type, 'post_tag') ) 2917 $taxonomy_obj = get_taxonomy( 'post_tag' ); 2918 if ( $taxonomy_obj && isset( $tags_input ) && is_object_in_taxonomy( $post_type, $taxonomy_obj->name ) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) { 2919 if ( ! is_taxonomy_hierarchical( $taxonomy_obj->name ) && ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) { 2920 $tags_input = wp_strip_new_terms( $tags_input, $taxonomy_obj->name ); 2921 } 2913 2922 wp_set_post_tags( $post_ID, $tags_input ); 2923 } 2914 2924 2915 2925 // new-style support for all custom taxonomies 2916 if ( !empty($tax_input) ) { 2917 foreach ( $tax_input as $taxonomy => $tags ) { 2918 $taxonomy_obj = get_taxonomy($taxonomy); 2919 if ( is_array($tags) ) // array = hierarchical, string = non-hierarchical. 2920 $tags = array_filter($tags); 2921 if ( current_user_can($taxonomy_obj->cap->assign_terms) ) 2922 wp_set_post_terms( $post_ID, $tags, $taxonomy ); 2926 if ( ! empty( $tax_input ) ) { 2927 foreach ( $tax_input as $taxonomy => $terms ) { 2928 $taxonomy_obj = get_taxonomy( $taxonomy ); 2929 if ( $taxonomy_obj && current_user_can( $taxonomy_obj->cap->assign_terms ) ) { 2930 if ( is_array( $terms ) ) { // array = hierarchical, string = non-hierarchical. 2931 $terms = array_filter( $terms ); 2932 } 2933 if ( ! is_taxonomy_hierarchical( $taxonomy_obj->name ) && ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) { 2934 $terms = wp_strip_new_terms( $terms, $taxonomy_obj->name ); 2935 } 2936 wp_set_post_terms( $post_ID, $terms, $taxonomy ); 2937 } 2923 2938 } 2924 2939 } 2925 2940 … … 3286 3301 } 3287 3302 3288 3303 /** 3304 * Filter out any terms that don't already exist. Not applicable to 3305 * hierarchical taxonomies. 3306 * 3307 * @param array $terms 3308 * @param string $taxonomy 3309 * 3310 * @return array 3311 */ 3312 function wp_strip_new_terms( $terms, $taxonomy ) { 3313 3314 if ( ! taxonomy_exists( $taxonomy ) || is_taxonomy_hierarchical( $taxonomy ) ) { 3315 return $terms; 3316 } 3317 3318 if ( empty( $terms ) ) { 3319 $terms = array(); 3320 } 3321 if ( ! is_array( $terms ) ) { 3322 $comma = _x( ',', 'tag delimiter' ); 3323 if ( ',' !== $comma ) { 3324 $terms = str_replace( $comma, ',', $terms ); 3325 } 3326 $terms = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) ); 3327 } 3328 3329 $new_terms = array(); 3330 foreach( $terms as $term ) { 3331 if ( ! term_exists( $term, $taxonomy ) ) { 3332 $new_terms[] = $term; 3333 } 3334 } 3335 $terms = array_diff( $terms, $new_terms ); 3336 return $terms; 3337 } 3338 3339 /** 3289 3340 * Transition the post status of a post. 3290 3341 * 3291 3342 * Calls hooks to transition post status.