WordPress.org

Make WordPress Core

Changeset 20568


Ignore:
Timestamp:
04/23/12 21:54:30 (2 years ago)
Author:
ryan
Message:

Check the publish_post cap when publishing an already existing post.

Props nprasath002
Fixes #20474

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-xmlrpc-server.php

    r20566 r20568  
    786786                break; 
    787787            case 'private': 
    788                 if ( ! current_user_can( $post_type->cap->publish_posts ) ) 
    789                     return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' )); 
     788                if ( $update ) { 
     789                    if ( ! current_user_can( $post_type->cap->publish_post, $post_data[ 'ID' ] ) ) 
     790                        return new IXR_Error( 401, __( 'Sorry, you are not allowed to set this post as private.' ) ); 
     791                } else { 
     792                    if ( ! current_user_can( $post_type->cap->publish_posts ) ) 
     793                        return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' )); 
     794                } 
    790795                break; 
    791796            case 'publish': 
    792797            case 'future': 
    793                 if ( ! current_user_can( $post_type->cap->publish_posts ) ) 
    794                     return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' )); 
     798                if ( $update ) { 
     799                    if ( ! current_user_can( $post_type->cap->publish_post, $post_data[ 'ID' ] ) ) 
     800                        return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); 
     801                } else { 
     802                    if ( ! current_user_can( $post_type->cap->publish_posts ) ) 
     803                        return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' )); 
     804                } 
    795805                break; 
    796806            default: 
Note: See TracChangeset for help on using the changeset viewer.