Make WordPress Core

Ticket #40854: 40854-no-postid-requirement-in-parse-embed-ajax.3.diff

File 40854-no-postid-requirement-in-parse-embed-ajax.3.diff, 1.1 KB (added by westonruter, 7 years ago)

Consolidate error checks

  • src/wp-admin/includes/ajax-actions.php

    diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
    index 5c53f6805c..c523411efb 100644
    function wp_ajax_query_themes() { 
    30053005function wp_ajax_parse_embed() {
    30063006        global $post, $wp_embed;
    30073007
    3008         if ( ! $post = get_post( (int) $_POST['post_ID'] ) ) {
     3008        if ( empty( $_POST['shortcode'] ) ) {
    30093009                wp_send_json_error();
    30103010        }
    3011 
    3012         if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) {
     3011        $post_id = isset( $_POST[ 'post_ID' ] ) ? intval( $_POST[ 'post_ID' ] ) : 0;
     3012        if ( $post_id > 0 ) {
     3013                $post = get_post( $post_id );
     3014                if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
     3015                        wp_send_json_error();
     3016                }
     3017                setup_postdata( $post );
     3018        } elseif ( ! current_user_can( 'edit_posts' ) ) { // See WP_oEmbed_Controller::get_proxy_item_permissions_check().
    30133019                wp_send_json_error();
    30143020        }
    30153021
    function wp_ajax_parse_embed() { 
    30263032        }
    30273033
    30283034        $parsed = false;
    3029         setup_postdata( $post );
    3030 
    30313035        $wp_embed->return_false_on_fail = true;
    30323036
    30333037        if ( is_ssl() && 0 === strpos( $url, 'http://' ) ) {