Changeset 19864
- Timestamp:
- 02/08/2012 02:54:15 PM (13 years ago)
- File:
-
- 1 edited
trunk/wp-includes/class-wp-xmlrpc-server.php
r19848 r19864 619 619 620 620 $post_type = get_post_type_object( $post_data['post_type'] ); 621 if ( ! ( (bool) $post_type ) )621 if ( ! ( (bool) $post_type ) ) 622 622 return new IXR_Error( 403, __( 'Invalid post type' ) ); 623 623 624 if ( ! current_user_can( $post_type->cap->edit_posts ) )624 if ( ! current_user_can( $post_type->cap->edit_posts ) ) 625 625 return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); 626 626 … … 630 630 break; 631 631 case 'private': 632 if ( ! current_user_can( $post_type->cap->publish_posts ) )632 if ( ! current_user_can( $post_type->cap->publish_posts ) ) 633 633 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' )); 634 634 break; 635 635 case 'publish': 636 636 case 'future': 637 if ( ! current_user_can( $post_type->cap->publish_posts ) )637 if ( ! current_user_can( $post_type->cap->publish_posts ) ) 638 638 return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' )); 639 639 break; … … 648 648 649 649 $post_data['post_author'] = absint( $post_data['post_author'] ); 650 if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) {651 if ( ! current_user_can( $post_type->cap->edit_others_posts ) )650 if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) { 651 if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) 652 652 return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) ); 653 653 654 654 $author = get_userdata( $post_data['post_author'] ); 655 655 656 if ( ! $author )656 if ( ! $author ) 657 657 return new IXR_Error( 404, __( 'Invalid author ID.' ) ); 658 658 } … … 661 661 } 662 662 663 if ( isset( $post_data['comment_status'] ) ) {664 if ( ! 
post_type_supports( $post_data['post_type'], 'comments' ) || ( $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' ) ) {663 if ( isset( $post_data['comment_status'] ) ) { 664 if ( ! post_type_supports( $post_data['post_type'], 'comments' ) || ( $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' ) ) { 665 665 unset( $post_data['comment_status'] ); 666 666 } 667 667 } 668 668 669 if ( isset( $post_data['ping_status'] ) ) {670 if ( ! post_type_supports( $post_data['post_type'], 'trackbacks' ) || ( $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' ) ) {669 if ( isset( $post_data['ping_status'] ) ) { 670 if ( ! post_type_supports( $post_data['post_type'], 'trackbacks' ) || ( $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' ) ) { 671 671 unset( $post_data['ping_status'] ); 672 672 } … … 693 693 $sticky = $post_data['sticky'] ? true : false; 694 694 695 if ( $post_data['post_type'] == 'post' && $sticky == true ) {696 if ( ! current_user_can( $post_type->cap->edit_others_posts ) )695 if ( $post_data['post_type'] == 'post' && $sticky == true ) { 696 if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) 697 697 return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) ); 698 698 699 if ( $post_data['post_status'] != 'publish' )699 if ( $post_data['post_status'] != 'publish' ) 700 700 return new IXR_Error( 401, __( 'Only published posts can be made sticky.' 
) ); 701 701 … … 703 703 } 704 704 705 if ( isset ( $post_data['custom_fields'] ) && post_type_supports( $post_data['post_type'], 'custom-fields' ) ) {705 if ( isset ( $post_data['custom_fields'] ) && post_type_supports( $post_data['post_type'], 'custom-fields' ) ) { 706 706 $this->set_custom_fields( $post_ID, $post_data['custom_fields'] ); 707 707 } 708 708 709 if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) {709 if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) { 710 710 $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' ); 711 711 … … 714 714 715 715 // first validate the terms specified by ID 716 if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) {716 if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) { 717 717 $taxonomies = array_keys( $post_data['terms'] ); 718 718 … … 722 722 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); 723 723 724 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )724 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) ) 725 725 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies' ) ); 726 726 … … 745 745 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); 746 746 747 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )747 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) ) 748 748 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' 
) ); 749 749 750 750 // for hierarchical taxonomies, we can't assign a term when multiple terms in the hierarchy share the same name 751 751 $ambiguous_terms = array(); 752 if ( is_taxonomy_hierarchical( $taxonomy ) ) {752 if ( is_taxonomy_hierarchical( $taxonomy ) ) { 753 753 $tax_term_names = get_terms( $taxonomy, array( 'fields' => 'names', 'hide_empty' => false ) ); 754 754 … … 771 771 if ( ! $term ) { 772 772 // term doesn't exist, so check that the user is allowed to create new terms 773 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->edit_terms ) )773 if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->edit_terms ) ) 774 774 return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) ); 775 775 … … 797 797 } 798 798 799 if ( isset( $post_data['post_format'] ) ) {799 if ( isset( $post_data['post_format'] ) ) { 800 800 $format = set_post_format( $post_ID, $post_data['post_format'] ); 801 801 … … 909 909 910 910 $post_type = get_post_type_object( $post['post_type'] ); 911 if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) )911 if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) ) 912 912 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); 913 913