Changeset 19914

Timestamp:

02/13/2012 09:01:55 PM (13 years ago)

Author:

ryan

Message:

Disallow changing the post type in mw_editPost(). see #18429

File:

• trunk/wp-includes/class-wp-xmlrpc-server.php (modified) (2 diffs)

trunk/wp-includes/class-wp-xmlrpc-server.php

@@ -3169 +3169 @@
             return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' ) );
 
+        // Use wp.editPost to edit post types other than post and page.
+        if ( ! in_array( $postdata[ 'post_type' ], array( 'post', 'page' ) ) )
+            return new IXR_Error( 401, __( 'Invalid post type.' ) );
+
+        // Thwart attempt to change the post type.
+        if ( ! empty( $content_struct[ 'post_type' ] ) && ( $content_struct['post_type'] != $postdata[ 'post_type' ] ) )
+            return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
+
         // Check for a valid post format if one was given
         if ( isset( $content_struct['wp_post_format'] ) ) {
@@ -3197 +3205 @@
         if ( isset($content_struct['wp_page_order']) )
             $menu_order = $content_struct['wp_page_order'];
+
+        if ( ! empty( $content_struct['wp_page_template'] ) && 'page' == $post_type )
+            $page_template = $content_struct['wp_page_template']; 
 
         $post_author = $postdata['post_author'];