WordPress.org

Make WordPress Core

Changeset 22769


Ignore:
Timestamp:
11/21/2012 04:34:57 PM (7 years ago)
Author:
westi
Message:

Posting: Improve the capability checking _wp_translate_postdata() when updating posts.

  • Use the specific post_type's 'edit_post' cap
  • Pass the ID of the post being edited.

Fixes #22417

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/post.php

    r22743 r22769  
    5454    $ptype = get_post_type_object( $post_data['post_type'] );
    5555    if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
    56         if ( !current_user_can( $ptype->cap->edit_others_posts ) ) {
    57             if ( 'page' == $post_data['post_type'] ) {
    58                 return new WP_Error( 'edit_others_pages', $update ?
    59                     __( 'You are not allowed to edit pages as this user.' ) :
    60                     __( 'You are not allowed to create pages as this user.' )
    61                 );
    62             } else {
    63                 return new WP_Error( 'edit_others_posts', $update ?
    64                     __( 'You are not allowed to edit posts as this user.' ) :
    65                     __( 'You are not allowed to create posts as this user.' )
    66                 );
     56        if ( $update ) {
     57            if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
     58                if ( 'page' == $post_data['post_type'] ) {
     59                    return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
     60                } else {
     61                    return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
     62                }
     63            }
     64        } else {
     65            if ( ! current_user_can( $ptype->cap->edit_others_posts )  ) {
     66                if ( 'page' == $post_data['post_type'] ) {
     67                    return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
     68                } else {
     69                    return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
     70                }
    6771            }
    6872        }
Note: See TracChangeset for help on using the changeset viewer.