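--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -1512,7 +1512,9 @@ function wp_ajax_inline_save() {
 if ( ! current_user_can( 'edit_page', $post_ID ) )
 wp_die( __( 'You are not allowed to edit this page.' ) );
 } else {
-if ( ! current_user_can( 'edit_post', $post_ID ) )
+$post = get_post( $post_ID );
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_ID ) )
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 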
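Review bot: The new check in the `else` branch passes `$post_type_object->cap->edit_posts`, the post type's general capability, where the old code used the per-post meta capability `edit_post`, so the `$post_ID` argument most likely no longer affects the result and the ownership and status rules (other authors' posts, published posts) stop being enforced here. The per-type equivalent of the old check is `if ( ! current_user_can( $post_type_object->cap->edit_post, $post_ID ) )`. The same substitution appears in class-wp-posts-list-table.php, media.php, includes/post.php, wp-admin/post.php, class-wp-xmlrpc-server.php and link-template.php. Separately, `get_post( $post_ID )` and `get_post_type_object()` can each return null and neither result is checked before it is dereferenced, so a missing post or unregistered type produces a PHP error instead of a clean denial. The body of wp_ajax_inline_save starts before and continues past this hunk.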
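--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -645,7 +645,7 @@ class WP_Posts_List_Table extends WP_List_Table {
 $edit_link = get_edit_post_link( $post->ID );
 $title = _draft_or_post_title();
 $post_type_object = get_post_type_object( $post->post_type );
-$can_edit_post = current_user_can( 'edit_post', $post->ID );
+$can_edit_post = current_user_can( $post_type_object->cap->edit_posts, $post->ID );
 
 $classes = 'iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
 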
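--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -3039,15 +3039,16 @@ function wp_media_attach_action( $parent_id, $action = 'attach' ) {
 if ( ! $parent_id ) {
 return;
 }
-
-if ( ! current_user_can( 'edit_post', $parent_id ) ) {
+$post = get_post( $post_ID );
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $parent_id ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 $ids = array();
 foreach ( (array) $_REQUEST['media'] as $att_id ) {
 $att_id = (int) $att_id;
 
-if ( ! current_user_can( 'edit_post', $att_id ) ) {
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $att_id ) ) {
 continue;
 }
 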
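Review bot: `get_post( $post_ID )` in the added lines reads a variable that is not defined anywhere in the visible part of wp_media_attach_action, whose parameter is `$parent_id`. Unless `$post_ID` is set outside the hunk, the lookup does not resolve the parent, and `$post->post_type` is read from whatever get_post() falls back to, or from null. It should read `$post = get_post( $parent_id );`, with an early return or `wp_die()` when the post or its type object is missing. The loop then tests every `$att_id` from `$_REQUEST['media']` against the parent type's `edit_posts` capability, so attachments are no longer authorised individually; keeping `current_user_can( 'edit_post', $att_id )` there preserves the per-attachment check. The function continues past the hunk.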
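--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 
 $ptype = get_post_type_object( $post_data['post_type'] );
 
-if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
+if ( $update && ! current_user_can( $ptype->cap->edit_posts, $post_data['ID'] ) ) {
 if ( 'page' == $post_data['post_type'] )
 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
 else
@@ -199,7 +199,7 @@ function edit_post( $post_data = null ) {
 }
 
 $ptype = get_post_type_object($post_data['post_type']);
-if ( !current_user_can( 'edit_post', $post_ID ) ) {
+if ( !current_user_can( $ptype->cap->edit_posts, $post_ID ) ) {
 if ( 'page' == $post_data['post_type'] )
 wp_die( __('You are not allowed to edit this page.' ));
 else
@@ -1660,8 +1660,8 @@ function post_preview() {
 if ( ! $post = get_post( $post_ID ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
-
-if ( ! current_user_can( 'edit_post', $post->ID ) ) {
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post->ID ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 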
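Review bot: In `_wp_translate_postdata()` and `edit_post()` the capability name now comes from `$ptype`, which is built from `$post_data['post_type']`, so the check is selected by the submitted post type rather than by the type stored for `$post_data['ID']` / `$post_ID`. If that array is request data, as it appears to be, the capability tested can belong to a different post type than the post being updated, and a null `$ptype` for an unknown type is dereferenced without a guard. For the update check, resolve the type from the stored post, for example `get_post_type_object( get_post_type( $post_data['ID'] ) )`, and deny when it is null. All three functions start or end outside their hunks.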
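--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -152,7 +152,7 @@ case 'edit':
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
-if ( ! current_user_can( 'edit_post', $post_id ) )
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_id ) )
 wp_die( __( 'You are not allowed to edit this item.' ) );
 
 if ( 'trash' == $post->post_status )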
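--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1174,7 +1174,7 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( $update ) {
 if ( ! get_post( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Invalid post ID.' ) );
-if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
+if ( ! current_user_can( $post_type->cap->edit_posts, $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
 if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'The post type may not be changed.' ) );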
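Review bot: The capability check on new line 1177 runs before the `$post_data['post_type'] != get_post_type( $post_data['ID'] )` comparison two lines below it, and `$post_type` is defined outside the hunk, presumably from the submitted post type. Now that the capability is type-specific, the mismatch test should come first so that the capability evaluated is the one for the stored post's type; moving the `The post type may not be changed.` block above the `current_user_can()` call does that. The enclosing method starts and ends outside the hunk, so whether `$post_type` is validated earlier needs confirming there.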
diff --git wp-includes/link-template.php wp-includes/link-template.php
index 1f90199..bfe384b 100644
function get_edit_post_link( $id = 0, $context = 'display' ) { |
| 1181 | 1181 | if ( !$post_type_object ) |
| 1182 | 1182 | return; |
| 1183 | 1183 | |
| 1184 | | if ( !current_user_can( 'edit_post', $post->ID ) ) |
| | 1184 | if ( !current_user_can( $post_type_object->cap->edit_posts, $post->ID ) ) |
| 1185 | 1185 | return; |
| 1186 | 1186 | |
| 1187 | 1187 | /** |