
Ticket #4529: trash-fixes.diff

File trash-fixes.diff, 13.0 KB (added by caesarsgrunt, 9 years ago)

Mostly permissions fixes, and fix for bug mentioned by Westi.

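--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1264,7 +1264,7 @@
 
         do_action('untrash_post', $postid);
 
-        $post['post_status'] = 'draft';
+        $post['post_status'] = ($post->post_type == 'attachment') ? 'inherit' : 'draft';
 
         $trash_meta = get_option('wp_trash_meta');
         if ( is_array($trash_meta) && isset($trash_meta['posts'][$postid]) ) {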
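Review bot: The added line reads `$post->post_type` as an object property while the same statement writes `$post['post_status']` as an array element, so if `$post` is an array here (as the unchanged assignment suggests) the property read yields null and every restored attachment still gets 'draft' instead of 'inherit'. Use the array form on both sides: `$post['post_status'] = ( 'attachment' == $post['post_type'] ) ? 'inherit' : 'draft';`. The function starts and ends outside this hunk, so how `$post` is fetched should be confirmed before merging.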
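--- a/wp-includes/js/swfupload/handlers.dev.js
+++ b/wp-includes/js/swfupload/handlers.dev.js
@@ -78,7 +78,7 @@
                 // Tell the server to delete it. TODO: handle exceptions
                 jQuery.ajax({url:'admin-ajax.php',type:'post',success:deleteSuccess,error:deleteError,id:fileObj.id,data:{
                         id : this.id.replace(/[^0-9]/g,''),
-                        action : 'delete-post',
+                        action : 'trash-post',
                         _ajax_nonce : this.href.replace(/^.*wpnonce=/,'')}
                         });
                 return false;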
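--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -775,6 +775,11 @@
                         // If the post is published...
                         if ( 'publish' == $post->post_status )
                                 $caps[] = 'delete_published_posts';
+                        elseif ( 'trash' == $post->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$post->ID]['status']) && $trash_meta['posts'][$post->ID]['status'] == 'publish')
+                                        $caps[] = 'delete_published_posts';
+                        }
                         else
                                 // If the post is draft...
                                 $caps[] = 'delete_posts';
@@ -799,6 +804,11 @@
                         // If the page is published...
                         if ( $page->post_status == 'publish' )
                                 $caps[] = 'delete_published_pages';
+                        elseif ( 'trash' == $page->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$page->ID]['status']) && $trash_meta['posts'][$page->ID]['status'] == 'publish')
+                                        $caps[] = 'delete_published_pages';
+                        }
                         else
                                 // If the page is draft...
                                 $caps[] = 'delete_pages';
@@ -829,6 +839,11 @@
                         // If the post is published...
                         if ( 'publish' == $post->post_status )
                                 $caps[] = 'edit_published_posts';
+                        elseif ( 'trash' == $post->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$post->ID]['status']) && $trash_meta['posts'][$post->ID]['status'] == 'publish')
+                                        $caps[] = 'edit_published_posts';
+                        }
                         else
                                 // If the post is draft...
                                 $caps[] = 'edit_posts';
@@ -853,6 +868,11 @@
                         // If the page is published...
                         if ( 'publish' == $page->post_status )
                                 $caps[] = 'edit_published_pages';
+                        elseif ( 'trash' == $page->post_status ) {
+                                $trash_meta = get_option('wp_trash_meta');
+                                if (is_array($trash_meta) && isset($trash_meta['posts'][$page->ID]['status']) && $trash_meta['posts'][$page->ID]['status'] == 'publish')
+                                        $caps[] = 'edit_published_pages';
+                        }
                         else
                                 // If the page is draft...
                                 $caps[] = 'edit_pages';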
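Review bot: The new `elseif ( 'trash' == $post->post_status )` branch at new lines 778-782 adds a capability only when the stored pre-trash status is 'publish'; when `wp_trash_meta` is missing, is not an array, or records any other status, nothing is pushed onto `$caps`, and the trailing `else` that used to require `delete_posts` no longer runs for trashed posts. Unless code outside the hunk adds a requirement, the meta capability then maps to no primitive capability for such posts, which fails open if the caller treats an empty list as "nothing required". Add an inner fallback, `else $caps[] = 'delete_posts';`, and the matching `delete_pages`, `edit_posts` and `edit_pages` fallbacks in the other three hunks of this file. The same lookup is repeated in all four hunks and would be easier to audit as one helper that returns the pre-trash status.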
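--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -303,7 +303,7 @@
 
 if ( ( 'spam' == $comment_status || 'trash' == $comment_status) && current_user_can ('moderate_comments') ) {
         wp_nonce_field('bulk-destroy', '_destroy_nonce');
-    if ( 'spam' == $comment_status ) { ?>
+    if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
                 <input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
 <?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
                 <input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
@@ -375,7 +375,7 @@
 </select>
 <input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 
-<?php if ( 'spam' == $comment_status ) { ?>
+<?php if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
 <input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
 <?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
 <input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />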
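Review bot: The check added at new line 306 sits inside the `if` at line 304 that already requires `current_user_can ('moderate_comments')`, so it is redundant there; only the one at new line 378 adds a condition that was not already enforced. Both checks decide only whether the 'Empty Spam' button is rendered. The code that handles `delete_all` and `delete_all2` is not part of this patch, so confirm that it verifies the `bulk-destroy` nonce and the `moderate_comments` capability itself before deleting, because hiding the button does not restrict the request.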
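--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -312,6 +312,19 @@
         else
                 die('0');
         break;
+case 'trash-post' :
+        check_ajax_referer( "{$action}_$id" );
+        if ( !current_user_can( 'delete_post', $id ) )
+                die('-1');
+
+        if ( !get_post( $id ) )
+                die('1');
+
+        if ( wp_trash_post( $id ) )
+                die('1');
+        else
+                die('0');
+        break;
 case 'delete-page' :
         check_ajax_referer( "{$action}_$id" );
         if ( !current_user_can( 'delete_page', $id ) )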
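Review bot: The new `trash-post` case has no comment explaining its response codes, and the `die('1')` for a post that `get_post()` cannot find is easy to misread as a bug. Suggest a comment above the case such as `// Responds '-1' if the user may not delete the post, '1' if it was trashed or no longer exists, '0' if wp_trash_post() fails.` `$id` is assigned outside this hunk, so check that it is cast to an integer before it reaches the nonce action string and `current_user_can()`.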
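--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1439,9 +1439,11 @@
                                 the_excerpt();
 
                         $actions = array();
-                        if ( 'trash' == $post->post_status && current_user_can('delete_post', $post->ID) ) {
-                                $actions['untrash'] = "<a title='" . esc_attr(__('Remove this post from the Trash')) . "' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
-                                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post permanently')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                        if ('trash' == $post->post_status) {
+                                if (current_user_can('delete_post', $post->ID)) {
+                                        $actions['untrash'] = "<a title='" . esc_attr(__('Remove this post from the Trash')) . "' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
+                                        $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post permanently')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                                }
                         } else {
                                 if ( current_user_can('edit_post', $post->ID) ) {
                                         $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';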
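Review bot: The restructured `if ('trash' == $post->post_status)` block at new lines 1442-1446 changes what a user without `delete_post` sees: a trashed post now gets no row actions instead of falling into the `else` branch, and nothing in the code says this is intended. A one-line comment would record it, e.g. `// Trashed posts offer only Restore/Delete; never fall through to the edit actions below.` The new lines also drop the spaces inside the parentheses that the surrounding code uses (`if ( current_user_can(...) )`). The same restructuring, with the same two remarks, appears in wp-admin/edit-attachment-rows.php.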
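--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1062,9 +1062,12 @@
         }
 
         $output = '';
-        foreach ( (array) $attachments as $id => $attachment )
+        foreach ( (array) $attachments as $id => $attachment ) {
+                if ( $attachment->post_status == 'trash' )
+                        continue;
                 if ( $item = get_media_item( $id, array( 'errors' => isset($errors[$id]) ? $errors[$id] : null) ) )
                         $output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div class='progress'><div class='bar'></div></div><div id='media-upload-error-$id'></div><div class='filename'></div>$item\n</div>";
+        }
 
         return $output;
 }
@@ -1166,11 +1169,11 @@
                 'extra_rows' => array(),
         );
 
-        $delete_href = wp_nonce_url("post.php?action=trash&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
+        $delete_href = wp_nonce_url("post.php?action=trash&amp;post=$attachment_id", 'trash-post_' . $attachment_id);
         if ( $send )
                 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
         if ( $delete )
-                $delete = "<a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Move to Trash') . "</a>";
+                $delete = current_user_can('delete_post', $attachment_id) ? "<a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Move to Trash') . "</a>" : "";
         if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
                 $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $delete</td></tr>\n");
 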
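Review bot: The nonce action for the 'Move to Trash' link changes from `'delete-post_'` to `'trash-post_'` at new line 1172, but the `post.php?action=trash` handler that verifies it is not in this patch. If that handler still checks `'delete-post_' . $id` the link will be rejected, so confirm it verifies the `'trash-post_'` action for the same ID. The ajax case added in wp-admin/admin-ajax.php checks `"{$action}_$id"` with action `trash-post`, which is consistent with the nonce the swfupload handler takes from this href. The function containing this hunk starts outside it.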
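--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -59,7 +59,7 @@
 
         case 'cb':
                 ?>
-                <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php the_ID(); ?>" /></th>
+                <th scope="row" class="check-column"><?php if (current_user_can('edit_post', $post->ID)) { ?><input type="checkbox" name="media[]" value="<?php the_ID(); ?>" /><?php } ?></th>
                 <?php
                 break;
 
@@ -89,9 +89,11 @@
                 <p>
                 <?php
                 $actions = array();
-                if ( $is_trash && current_user_can('delete_post', $post->ID) ) {
-                        $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
-                        $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                if ($is_trash) {
+                        if (current_user_can('delete_post', $post->ID)) {
+                                $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID) . "'>" . __('Restore') . "</a>";
+                                $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
+                        }
                 } else {
                         if ( current_user_can('edit_post', $post->ID) )
                                 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';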
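Review bot: The checkbox at new line 62 is gated on `edit_post`, while the row actions in the second hunk are gated on `delete_post`; the bulk actions that consume `media[]` are not visible here and may need the stricter of the two. Omitting the checkbox changes only the markup, so the bulk handler must still call `current_user_can()` for every submitted ID before acting on it. The same applies to the checkbox at new line 365 of wp-admin/upload.php.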
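--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -321,7 +321,7 @@
 
 <?php if ( isset($_GET['detached']) ) { ?>
         <input type="submit" id="find_detached" name="find_detached" value="<?php esc_attr_e('Scan for lost attachments'); ?>" class="button-secondary" />
-<?php } elseif ( isset($_GET['status']) && $_GET['status'] == 'trash' ) { ?>
+<?php } elseif ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts')) { ?>
         <input type="submit" id="delete_all" name="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
 <?php } ?>
 
@@ -362,7 +362,7 @@
                         $att_title = esc_html( _draft_or_post_title($post->ID) );
 ?>
         <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
-                <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
+                <th scope="row" class="check-column"><?php if (current_user_can('edit_post', $post->ID)) { ?><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /><?php } ?></th>
 
                 <td class="media-icon"><?php
                 if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
@@ -446,7 +446,7 @@
 </select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 
-<?php if ( isset($_GET['status']) && $_GET['status'] == 'trash' ) { ?>
+<?php if ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts')) { ?>
         <input type="submit" id="delete_all2" name="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
 <?php } ?>
 </div>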
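Review bot: 'Empty Trash' at new lines 324 and 449 is gated on `edit_others_posts`, an editing capability, although the button presumably deletes every trashed item permanently, including other users' uploads. `delete_others_posts` describes that action more closely; if `edit_others_posts` is deliberate, a comment saying why would help. The `delete_all` handler is outside this patch and needs the same capability check, because these conditions control only whether the button is rendered.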
  • wp-admin/edit-form-comment.php

     
    6868
    6969<div id="major-publishing-actions">
    7070<div id="delete-action">
    71 <?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
     71<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'trash-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
    7272</div>
    7373<div id="publishing-action">
    7474<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />