
Changeset 16135


Timestamp:
11/01/2010 04:28:35 PM (13 years ago)
Author:
ryan
Message:

Die if user doesn't have caps for the post type. Props duck_. fixes #15259

File:
1 edited

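--- a/trunk/wp-admin/post-new.php
+++ b/trunk/wp-admin/post-new.php
@@ -31,26 +31,13 @@
 $editing = true;
 
-if ( 'post' == $post_type && !current_user_can('edit_posts') ) {
-    include('./admin-header.php'); ?>
-<div class="wrap">
-<p><?php printf(__('Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to add the <code>edit_posts</code> capability to your user, in order to be authorized to post.<br />
-You can also <a href="mailto:%s?subject=Promotion?">e-mail the admin</a> to ask for a promotion.<br />
-When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)'), get_option('admin_email')); ?>
-</p>
-</div>
-<?php
-    include('./admin-footer.php');
-    exit();
-}
+if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
+    wp_die( __( 'Cheatin&#8217; uh?' ) );
 
 wp_enqueue_script('autosave');
 
 // Show post form.
-if ( current_user_can($post_type_object->cap->edit_posts) ) {
-    $post = get_default_post_to_edit( $post_type, true );
-    $post_ID = $post->ID;
-    include('edit-form-advanced.php');
-}
-
+$post = get_default_post_to_edit( $post_type, true );
+$post_ID = $post->ID;
+include('edit-form-advanced.php');
 include('./admin-footer.php');
 ?>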
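Review bot: The denial at new line 34 calls `wp_die()` with only a message, so a failed capability check is answered with wp_die()'s default status rather than 403, which makes authorization denials hard to tell apart from server faults in access logs and monitoring; consider `wp_die( __( 'Cheatin&#8217; uh?' ), '', array( 'response' => 403 ) );`. `$post_type_object` is assigned above the visible lines, so it is worth confirming that it can never be null when the request names an unregistered post type, since the check dereferences `->cap->edit_posts` directly. The guard should stay ahead of `get_default_post_to_edit( $post_type, true )`, which appears to create a draft as a side effect; a one-line comment such as `// Capability check must precede get_default_post_to_edit().` would keep a later reorder from undoing that.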