WordPress.org

Make WordPress Core

Changeset 19914


Ignore:
Timestamp:
02/13/12 21:01:55 (2 years ago)
Author:
ryan
Message:

Disallow changing the post type in mw_editPost(). see #18429

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-xmlrpc-server.php

    r19905 r19914  
    31693169            return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' ) ); 
    31703170 
     3171        // Use wp.editPost to edit post types other than post and page. 
     3172        if ( ! in_array( $postdata[ 'post_type' ], array( 'post', 'page' ) ) ) 
     3173            return new IXR_Error( 401, __( 'Invalid post type.' ) ); 
     3174 
     3175        // Thwart attempt to change the post type. 
     3176        if ( ! empty( $content_struct[ 'post_type' ] ) && ( $content_struct['post_type'] != $postdata[ 'post_type' ] ) ) 
     3177            return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); 
     3178 
    31713179        // Check for a valid post format if one was given 
    31723180        if ( isset( $content_struct['wp_post_format'] ) ) { 
     
    31973205        if ( isset($content_struct['wp_page_order']) ) 
    31983206            $menu_order = $content_struct['wp_page_order']; 
     3207 
     3208        if ( ! empty( $content_struct['wp_page_template'] ) && 'page' == $post_type ) 
     3209            $page_template = $content_struct['wp_page_template'];  
    31993210 
    32003211        $post_author = $postdata['post_author']; 
Note: See TracChangeset for help on using the changeset viewer.