
Ticket #31917: ticket-31917.2.diff

File ticket-31917.2.diff, 10.6 KB (added by lpawlik, 9 years ago)

Updated patch.

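diff --git wp-admin/includes/ajax-actions.php wp-admin/includes/ajax-actions.php
index 7a01af9..22982c9 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -1512,7 +1512,9 @@ function wp_ajax_inline_save() {
                 if ( ! current_user_can( 'edit_page', $post_ID ) )
                         wp_die( __( 'You are not allowed to edit this page.' ) );
         } else {
-                if ( ! current_user_can( 'edit_post', $post_ID ) )
+                $post = get_post( $post_ID );
+                $post_type_object = get_post_type_object( $post->post_type );
+                if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_ID ) )
                         wp_die( __( 'You are not allowed to edit this post.' ) );
         }
 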
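Review bot: The replacement check on new line 1517 passes `$post_type_object->cap->edit_posts`, the post type's primitive capability, so the `$post_ID` argument no longer affects the result: in WordPress core only meta capabilities such as `edit_post` are resolved per object by `map_meta_cap()`, which is where authorship and post-status rules are enforced. The effect is that a user who may edit only their own entries of that type would also pass this check for another author's post. If the aim is custom post type support, the per-object form is `current_user_can( $post_type_object->cap->edit_post, $post_ID )`. The same substitution appears in class-wp-posts-list-table.php (648), media.php (3044, 3051), wp-admin/includes/post.php (31, 202, 1664), wp-admin/post.php (155), class-wp-xmlrpc-server.php (1177) and link-template.php (1184). Also, `get_post()` and `get_post_type_object()` can return null, so lines 1515–1516 need a guard before `->post_type` and `->cap` are read; wp_ajax_inline_save() continues outside the hunk.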
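diff --git wp-admin/includes/class-wp-posts-list-table.php wp-admin/includes/class-wp-posts-list-table.php
index e626039..95148cc 100644
--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -645,7 +645,7 @@ class WP_Posts_List_Table extends WP_List_Table {
                 $edit_link = get_edit_post_link( $post->ID );
                 $title = _draft_or_post_title();
                 $post_type_object = get_post_type_object( $post->post_type );
-                $can_edit_post = current_user_can( 'edit_post', $post->ID );
+                $can_edit_post = current_user_can( $post_type_object->cap->edit_posts, $post->ID );
 
                 $classes = 'iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
 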
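diff --git wp-admin/includes/media.php wp-admin/includes/media.php
index 7581196..f88e00b 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -3039,15 +3039,16 @@ function wp_media_attach_action( $parent_id, $action = 'attach' ) {
         if ( ! $parent_id ) {
                 return;
         }
-
-        if ( ! current_user_can( 'edit_post', $parent_id ) ) {
+        $post = get_post( $post_ID );
+        $post_type_object = get_post_type_object( $post->post_type );
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $parent_id ) ) {
                 wp_die( __( 'You are not allowed to edit this post.' ) );
         }
         $ids = array();
         foreach ( (array) $_REQUEST['media'] as $att_id ) {
                 $att_id = (int) $att_id;
 
-                if ( ! current_user_can( 'edit_post', $att_id ) ) {
+                if ( ! current_user_can( $post_type_object->cap->edit_posts, $att_id ) ) {
                         continue;
                 }
 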
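Review bot: `$post_ID` on new line 3042 is not the function's parameter (`$parent_id`) and is not assigned in the visible lines, so `get_post( $post_ID )` would not look up the intended parent; `$post` may be null or an unrelated post, and the capability is then taken from the wrong type or line 3043 fails on a null object. Use `$post = get_post( $parent_id );` and stop with `wp_die()` when it or `get_post_type_object()` returns null. In the loop, line 3051 tests each attachment `$att_id` against the parent's post type capability instead of the attachment's own; keeping `current_user_can( 'edit_post', $att_id )` there lets core resolve the type per attachment. The function body continues outside the hunk.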
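diff --git wp-admin/includes/post.php wp-admin/includes/post.php
index 9356ace..c4592fe 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 
         $ptype = get_post_type_object( $post_data['post_type'] );
 
-        if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
+        if ( $update && ! current_user_can( $ptype->cap->edit_posts, $post_data['ID'] ) ) {
                 if ( 'page' == $post_data['post_type'] )
                         return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
                 else
@@ -199,7 +199,7 @@ function edit_post( $post_data = null ) {
         }
 
         $ptype = get_post_type_object($post_data['post_type']);
-        if ( !current_user_can( 'edit_post', $post_ID ) ) {
+        if ( !current_user_can( $ptype->cap->edit_posts, $post_ID ) ) {
                 if ( 'page' == $post_data['post_type'] )
                         wp_die( __('You are not allowed to edit this page.' ));
                 else
@@ -1660,8 +1660,8 @@ function post_preview() {
         if ( ! $post = get_post( $post_ID ) ) {
                 wp_die( __( 'You are not allowed to edit this post.' ) );
         }
-
-        if ( ! current_user_can( 'edit_post', $post->ID ) ) {
+        $post_type_object = get_post_type_object( $post->post_type );
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $post->ID ) ) {
                 wp_die( __( 'You are not allowed to edit this post.' ) );
         }
 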
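Review bot: In _wp_translate_postdata() (line 31) and edit_post() (line 202) the capability name now comes from `$ptype`, which is built from `$post_data['post_type']` rather than from the stored post; if that array carries submitted form data (it looks that way, but the assignment is outside these hunks), the request itself selects which post type's capability is tested for the given ID. The previous `'edit_post'` meta capability resolved the type from the post ID. The XML-RPC hunk shows a `post_type` equality check at line 1179 that would contain this, but no equivalent is visible in these two hunks. Deriving the object with `get_post_type_object( get_post_type( $post_data['ID'] ) )` would tie the check to the stored post, and `$ptype` should be null-checked before `->cap` is read, as should `$post_type_object` on line 1663 of post_preview(). All three functions continue outside their hunks.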
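diff --git wp-admin/post.php wp-admin/post.php
index 0c38b56..3bbb936 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -152,7 +152,7 @@ case 'edit':
         if ( ! $post_type_object )
                 wp_die( __( 'Unknown post type.' ) );
 
-        if ( ! current_user_can( 'edit_post', $post_id ) )
+        if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_id ) )
                 wp_die( __( 'You are not allowed to edit this item.' ) );
 
         if ( 'trash' == $post->post_status )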
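diff --git wp-includes/class-wp-xmlrpc-server.php wp-includes/class-wp-xmlrpc-server.php
index 898a322..46544d7 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1174,7 +1174,7 @@ class wp_xmlrpc_server extends IXR_Server {
                 if ( $update ) {
                         if ( ! get_post( $post_data['ID'] ) )
                                 return new IXR_Error( 401, __( 'Invalid post ID.' ) );
-                        if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
+                        if ( ! current_user_can( $post_type->cap->edit_posts, $post_data['ID'] ) )
                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
                         if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
                                 return new IXR_Error( 401, __( 'The post type may not be changed.' ) );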
  • wp-includes/link-template.php

    diff --git wp-includes/link-template.php wp-includes/link-template.php
    index 1f90199..bfe384b 100644
    function get_edit_post_link( $id = 0, $context = 'display' ) { 
    11811181        if ( !$post_type_object )
    11821182                return;
    11831183
    1184         if ( !current_user_can( 'edit_post', $post->ID ) )
     1184        if ( !current_user_can( $post_type_object->cap->edit_posts, $post->ID ) )
    11851185                return;
    11861186
    11871187        /**