WordPress.org

Make WordPress Core

Changeset 19914


Ignore:
Timestamp:
02/13/2012 09:01:55 PM (6 years ago)
Author:
ryan
Message:

Disallow changing the post type in mw_editPost(). see #18429

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-xmlrpc-server.php

    r19905 r19914  
    31693169            return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' ) );
    31703170
     3171        // Use wp.editPost to edit post types other than post and page.
     3172        if ( ! in_array( $postdata[ 'post_type' ], array( 'post', 'page' ) ) )
     3173            return new IXR_Error( 401, __( 'Invalid post type.' ) );
     3174
     3175        // Thwart attempt to change the post type.
     3176        if ( ! empty( $content_struct[ 'post_type' ] ) && ( $content_struct['post_type'] != $postdata[ 'post_type' ] ) )
     3177            return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
     3178
    31713179        // Check for a valid post format if one was given
    31723180        if ( isset( $content_struct['wp_post_format'] ) ) {
     
    31973205        if ( isset($content_struct['wp_page_order']) )
    31983206            $menu_order = $content_struct['wp_page_order'];
     3207
     3208        if ( ! empty( $content_struct['wp_page_template'] ) && 'page' == $post_type )
     3209            $page_template = $content_struct['wp_page_template'];
    31993210
    32003211        $post_author = $postdata['post_author'];
Note: See TracChangeset for help on using the changeset viewer.