Make WordPress Core

Ticket #40854: 40854-no-postid-requirement-in-parse-embed-ajax.2.diff

File 40854-no-postid-requirement-in-parse-embed-ajax.2.diff, 994 bytes (added by biskobe, 7 years ago)
  • src/wp-admin/includes/ajax-actions.php

    diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
    index 5c53f6805c..60fdab7f32 100644
    a b function wp_ajax_query_themes() { 
    30053005function wp_ajax_parse_embed() {
    30063006        global $post, $wp_embed;
    30073007
    3008         if ( ! $post = get_post( (int) $_POST['post_ID'] ) ) {
    3009                 wp_send_json_error();
    3010         }
    3011 
    3012         if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) {
     3008        if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_posts' ) ) {
    30133009                wp_send_json_error();
    30143010        }
    30153011
    function wp_ajax_parse_embed() { 
    30263022        }
    30273023
    30283024        $parsed = false;
    3029         setup_postdata( $post );
     3025
     3026        $post_ID = (int) $_POST[ 'post_ID' ];
     3027        if ( $post_ID && $post = get_post( $post_ID ) ) {
     3028                if ( ! current_user_can( 'edit_post', $post->ID ) ) {
     3029                        wp_send_json_error();
     3030                }
     3031
     3032                setup_postdata( $post );
     3033        }
    30303034
    30313035        $wp_embed->return_false_on_fail = true;
    30323036