Ticket #4529: trash-fixes.diff

File trash-fixes.diff, 13.0 KB (added by caesarsgrunt, 6 years ago)

Mostly permissions fixes, and fix for bug mentioned by Westi.

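--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1264,7 +1264,7 @@
 
         do_action('untrash_post', $postid);
 
-        $post['post_status'] = 'draft';
+        $post['post_status'] = ($post->post_type == 'attachment') ? 'inherit' : 'draft';
 
         $trash_meta = get_option('wp_trash_meta');
         if ( is_array($trash_meta) && isset($trash_meta['posts'][$postid]) ) {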
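Review bot: On the added line, `$post` is written as an array (`$post['post_status']`) and read as an object (`$post->post_type`) in the same statement, so one of the two accesses cannot be right. `$post` is populated outside this hunk; if it is the array form that the assignment implies, the property read yields null, the comparison is always false, and a restored attachment still comes back as 'draft' instead of 'inherit'. Reading the key keeps both sides consistent: `$post['post_status'] = ( 'attachment' == $post['post_type'] ) ? 'inherit' : 'draft';`.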
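--- a/wp-includes/js/swfupload/handlers.dev.js
+++ b/wp-includes/js/swfupload/handlers.dev.js
@@ -78,7 +78,7 @@
                 // Tell the server to delete it. TODO: handle exceptions
                 jQuery.ajax({url:'admin-ajax.php',type:'post',success:deleteSuccess,error:deleteError,id:fileObj.id,data:{
                         id : this.id.replace(/[^0-9]/g,''),
-                        action : 'delete-post',
+                        action : 'trash-post',
                         _ajax_nonce : this.href.replace(/^.*wpnonce=/,'')}
                         });
                 return false;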
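--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -775,6 +775,11 @@
                         // If the post is published...
                         if ( 'publish' == $post->post_status )
                                 $caps[] = 'delete_published_posts';
+                        elseif ( 'trash' == $post->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$post->ID]['status']) && $trash_meta['posts'][$post->ID]['status'] == 'publish')
+                                        $caps[] = 'delete_published_posts';
+                        }
                         else
                                 // If the post is draft...
                                 $caps[] = 'delete_posts';
@@ -799,6 +804,11 @@
                         // If the page is published...
                         if ( $page->post_status == 'publish' )
                                 $caps[] = 'delete_published_pages';
+                        elseif ( 'trash' == $page->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$page->ID]['status']) && $trash_meta['posts'][$page->ID]['status'] == 'publish')
+                                        $caps[] = 'delete_published_pages';
+                        }
                         else
                                 // If the page is draft...
                                 $caps[] = 'delete_pages';
@@ -829,6 +839,11 @@
                         // If the post is published...
                         if ( 'publish' == $post->post_status )
                                 $caps[] = 'edit_published_posts';
+                        elseif ( 'trash' == $post->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$post->ID]['status']) && $trash_meta['posts'][$post->ID]['status'] == 'publish')
+                                        $caps[] = 'edit_published_posts';
+                        }
                         else
                                 // If the post is draft...
                                 $caps[] = 'edit_posts';
@@ -853,6 +868,11 @@
                         // If the page is published...
                         if ( 'publish' == $page->post_status )
                                 $caps[] = 'edit_published_pages';
+                        elseif ( 'trash' == $page->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$page->ID]['status']) && $trash_meta['posts'][$page->ID]['status'] == 'publish')
+                                        $caps[] = 'edit_published_pages';
+                        }
                         else
                                 // If the page is draft...
                                 $caps[] = 'edit_pages';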
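Review bot: The new `elseif ( 'trash' == $post->post_status )` branch in the first hunk appends no capability at all when the stored pre-trash status is not 'publish', or when `wp_trash_meta` has no entry for the post, so a trashed draft no longer reaches the `else` that adds `delete_posts`. Whatever `$caps` already holds from before the hunk is then all that is required, and that may be nothing; the enclosing function is outside this page, so this needs confirming against the full body. Falling back to the base capability inside the branch closes the gap, e.g. `else $caps[] = 'delete_posts';` directly after the inner `if`. The other three hunks have the same shape and need the matching fallback (`delete_pages`, `edit_posts`, `edit_pages`).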
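--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -303,7 +303,7 @@
 
 if ( ( 'spam' == $comment_status || 'trash' == $comment_status) && current_user_can ('moderate_comments') ) {
         wp_nonce_field('bulk-destroy', '_destroy_nonce');
-    if ( 'spam' == $comment_status ) { ?>
+    if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
                 <input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
 <?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
                 <input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
@@ -375,7 +375,7 @@
 </select>
 <input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 
-<?php if ( 'spam' == $comment_status ) { ?>
+<?php if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
 <input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
 <?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
 <input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />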
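Review bot: The `current_user_can('moderate_comments')` tests added to the 'spam' conditions only decide whether the Empty Spam button is rendered, and in the first hunk the test is redundant because the enclosing `if` two lines above already requires the same capability. The handler that processes `delete_all` / `delete_all2` is not on this page; it has to verify the `bulk-destroy` nonce and `moderate_comments` itself, since hiding a button does not restrict what a request can submit. A comment above each condition, such as `// Display only: the bulk-destroy handler re-checks moderate_comments`, would record that dependency.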
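--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -312,6 +312,19 @@
         else
                 die('0');
         break;
+case 'trash-post' :
+        check_ajax_referer( "{$action}_$id" );
+        if ( !current_user_can( 'delete_post', $id ) )
+                die('-1');
+
+        if ( !get_post( $id ) )
+                die('1');
+
+        if ( wp_trash_post( $id ) )
+                die('1');
+        else
+                die('0');
+        break;
 case 'delete-page' :
         check_ajax_referer( "{$action}_$id" );
         if ( !current_user_can( 'delete_page', $id ) )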
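Review bot: The new `trash-post` case answers `die('1')` both when `wp_trash_post( $id )` succeeds and when `get_post( $id )` finds nothing, so the caller cannot tell "moved to Trash" from "no such post". If treating a missing post as already removed is intended, the case should say so, e.g. `// 1 = trashed or already gone, 0 = failed, -1 = not allowed`. `$id` is assigned outside the hunk; because it feeds the nonce action and the capability check, it should already be an integer cast of the request value at this point. The trailing `break;` cannot be reached after the `die()` calls.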
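--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1439,9 +1439,11 @@
                                 the_excerpt();
 
                         $actions = array();
-                        if ( 'trash' == $post->post_status && current_user_can('delete_post', $post->ID) ) {
-                                $actions['untrash'] = "<a title='" . esc_attr(__('Remove this post from the Trash')) . "' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
-                                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post permanently')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                        if ('trash' == $post->post_status) {
+                                if (current_user_can('delete_post', $post->ID)) {
+                                        $actions['untrash'] = "<a title='" . esc_attr(__('Remove this post from the Trash')) . "' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
+                                        $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post permanently')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                                }
                         } else {
                                 if ( current_user_can('edit_post', $post->ID) ) {
                                         $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';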
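--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1062,9 +1062,12 @@
         }
 
         $output = '';
-        foreach ( (array) $attachments as $id => $attachment )
+        foreach ( (array) $attachments as $id => $attachment ) {
+                if ( $attachment->post_status == 'trash' )
+                        continue;
                 if ( $item = get_media_item( $id, array( 'errors' => isset($errors[$id]) ? $errors[$id] : null) ) )
                         $output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div class='progress'><div class='bar'></div></div><div id='media-upload-error-$id'></div><div class='filename'></div>$item\n</div>";
+        }
 
         return $output;
 }
@@ -1166,11 +1169,11 @@
                 'extra_rows' => array(),
         );
 
-        $delete_href = wp_nonce_url("post.php?action=trash&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
+        $delete_href = wp_nonce_url("post.php?action=trash&amp;post=$attachment_id", 'trash-post_' . $attachment_id);
         if ( $send )
                 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
         if ( $delete )
-                $delete = "<a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Move to Trash') . "</a>";
+                $delete = current_user_can('delete_post', $attachment_id) ? "<a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Move to Trash') . "</a>" : "";
         if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
                 $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $delete</td></tr>\n");
 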
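Review bot: In the second hunk the nonce action for the `post.php?action=trash` link changes from `'delete-post_'` to `'trash-post_'`, but the code that verifies it in wp-admin/post.php is not among the files on this page. If that trash case still checks the old action string, every "Move to Trash" link built here will fail nonce verification. Confirm that the handler checks the action `'trash-post_'` followed by the post ID, which is also what the new admin-ajax.php case expects through `check_ajax_referer( "{$action}_$id" )`.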
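--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -59,7 +59,7 @@
 
         case 'cb':
                 ?>
-                <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php the_ID(); ?>" /></th>
+                <th scope="row" class="check-column"><?php if (current_user_can('edit_post', $post->ID)) { ?><input type="checkbox" name="media[]" value="<?php the_ID(); ?>" /><?php } ?></th>
                 <?php
                 break;
 
@@ -89,9 +89,11 @@
                 <p>
                 <?php
                 $actions = array();
-                if ( $is_trash && current_user_can('delete_post', $post->ID) ) {
-                        $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
-                        $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                if ($is_trash) {
+                        if (current_user_can('delete_post', $post->ID)) {
+                                $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
+                                $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                        }
                 } else {
                         if ( current_user_can('edit_post', $post->ID) )
                                 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';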
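Review bot: The bulk checkbox in the first hunk is gated on `edit_post`, while the row actions in the second hunk gate Restore and Delete Permanently on `delete_post`. The bulk actions that consume `media[]` are outside this page, but if they trash or delete, the checkbox should follow the same capability: `<?php if ( current_user_can('delete_post', $post->ID) ) { ?>`. In either case this is display logic, and the bulk handler has to re-check the capability for each submitted ID. The same checkbox change is made in wp-admin/upload.php.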
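--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -321,7 +321,7 @@
 
 <?php if ( isset($_GET['detached']) ) { ?>
         <input type="submit" id="find_detached" name="find_detached" value="<?php esc_attr_e('Scan for lost attachments'); ?>" class="button-secondary" />
-<?php } elseif ( isset($_GET['status']) && $_GET['status'] == 'trash' ) { ?>
+<?php } elseif ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts')) { ?>
         <input type="submit" id="delete_all" name="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
 <?php } ?>
 
@@ -362,7 +362,7 @@
                         $att_title = esc_html( _draft_or_post_title($post->ID) );
 ?>
         <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
-                <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
+                <th scope="row" class="check-column"><?php if (current_user_can('edit_post', $post->ID)) { ?><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /><?php } ?></th>
 
                 <td class="media-icon"><?php
                 if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
@@ -446,7 +446,7 @@
 </select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 
-<?php if ( isset($_GET['status']) && $_GET['status'] == 'trash' ) { ?>
+<?php if ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts')) { ?>
         <input type="submit" id="delete_all2" name="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
 <?php } ?>
 </div>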
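Review bot: The Empty Trash buttons in the first and third hunks are gated on `edit_others_posts`, yet the action they trigger permanently deletes attachments, so the capability tested does not match what the button does. A delete capability fits better: `current_user_can('delete_others_posts')`. The condition only controls rendering; the code that handles `delete_all` / `delete_all2` is not on this page and needs the same capability check and a nonce of its own.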
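--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -68,7 +68,7 @@
 
 <div id="major-publishing-actions">
 <div id="delete-action">
-<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'trash-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
 <input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />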