Changeset 15032

Timestamp:

05/28/2010 03:49:13 PM (13 years ago)

Author:

markjaquith

Message:

Do proper caps check when processing bulk edited posts, and hide the checkbox on the Page edit page for users who lack permissions. props ocean90

Location:

trunk/wp-admin/includes

Files:

• post.php (modified) (1 diff)
• template.php (modified) (1 diff)

trunk/wp-admin/includes/post.php

@@ -300 +300 @@
     $updated = $skipped = $locked = array();
     foreach ( $post_IDs as $post_ID ) {
-
-        if ( isset($children) && in_array($post_ID, $children) ) {
+        $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
+
+        if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
             $skipped[] = $post_ID;
             continue;

trunk/wp-admin/includes/template.php

@@ -1530 +1530 @@
     case 'cb':
         ?>
-        <th scope="row" class="check-column"><input type="checkbox" name="post[]" value="<?php the_ID(); ?>" /></th>
+        <th scope="row" class="check-column"><?php if ( current_user_can( $post_type_object->cap->edit_post, $page->ID ) ) { ?><input type="checkbox" name="post[]" value="<?php the_ID(); ?>" /><?php } ?></th>
         <?php
         break;