
Changeset 2441


Timestamp:
03/14/2005 12:48:11 AM (20 years ago)
Author:
ryan
Message:

Don't let users who cannot publish edit published posts, even their own. Make consistent use of user_can_create_post(). http://mosquito.wordpress.org/view.php?id=1004 Props: MC_incubus

Location:
trunk
Files:
4 edited

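--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -116,5 +116,5 @@
 if ('publish' != $post_status || 0 == $post_ID) {
 ?>
-<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+<?php if ( user_can_create_post($user_ID) ) : ?>
     <input name="publish" type="submit" id="publish" tabindex="10" value="<?php _e('Publish') ?>" />
 <?php endif; ?>
@@ -136,5 +136,5 @@
     <tr>
         <th scope="row" valign="top"><?php _e('Post Status') ?>:</th>
-        <td><?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+        <td><?php if ( user_can_create_post($user_ID) ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post_status, 'publish'); ?> /> <?php _e('Published') ?></label><br />
 <?php endif; ?>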
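Review bot: Both conditionals changed here, at new lines 118 and 138, only decide whether the Publish button and the Published radio are rendered, so they are a convenience and not an access control; the same holds for new line 61 of edit-form.php. The authoritative check is the "Double-check" in post.php, and a short comment at each template site would keep a later edit from treating the hidden control as the enforcement point, e.g. `<?php // UI only: post.php re-checks user_can_create_post() on save ?>`. The templates now read `$user_ID` where they used to read `$user_level`; its assignment is outside these hunks, so confirm it is always set before the forms are included.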
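--- a/trunk/wp-admin/edit-form.php
+++ b/trunk/wp-admin/edit-form.php
@@ -59,5 +59,5 @@
   <input name="saveasprivate" type="submit" id="saveasprivate" tabindex="10" value="<?php _e('Save as Private') ?>" />
 
-<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+     <?php if ( user_can_create_post($user_ID) ) : ?>
   <input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="<?php _e('Publish') ?>" />
 <?php endif; ?>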
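--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -62,5 +62,5 @@
         $post_status = 'draft';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
         $post_status = 'draft';
     $comment_status = $_POST['comment_status'];
@@ -230,4 +230,9 @@
         die ( __('You are not allowed to view other users\' private posts.') );
 
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) {
+         _e('You are not allowed to edit published posts.');
+         break;
+    }
+
     if ($post_status == 'static') {
         $page_template = get_post_meta($post_ID, '_wp_page_template', true);
@@ -306,5 +311,5 @@
     if (isset($_POST['publish'])) $post_status = 'publish';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
         $post_status = 'draft';
 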
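Review bot: The new guard at lines 232-235 refuses to show the edit form for a published post to a user who cannot publish, but the save path at new lines 311-314 only rewrites the requested `$post_status` to `draft` and, in the lines visible here, never looks at the status the post already has. If nothing outside the hunk covers it, a request sent straight to the save handler could still modify a published post and demote it to draft, so the stored status should be checked there as well, before the update runs. The guard also ends with `_e(...); break;` while the refusal just above it uses `die()`; the enclosing switch is outside the hunk, so what runs after the `break` cannot be seen from here, and `die( __('You are not allowed to edit published posts.') );` would match the neighbouring check.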
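--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -55,5 +55,5 @@
    $user_nicename = sanitize_title($user_nickname);
     $now = gmdate('Y-m-d H:i:s');
-    if (get_settings('new_users_can_blog') >= 1) $user_level = 1;
+    $user_level = get_settings('new_users_can_blog');
     $password = substr( md5( uniqid( microtime() ) ), 0, 7);
 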
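Review bot: New line 57 copies the `new_users_can_blog` option straight into `$user_level`, so the privilege level of every self-registered account is whatever that option holds, with no cast and no upper bound; the removed line capped it at 1. The conditions removed elsewhere in this changeset compare the option with 2 at most, which suggests 0-2 is the intended range, so clamp it at the point of use: `$user_level = min( 2, max( 0, (int) get_settings('new_users_can_blog') ) );`. Without the clamp, a mistyped or tampered option value hands out higher levels at registration.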