Changeset 2441 for trunk/wp-admin/post.php

Timestamp:

03/14/2005 12:48:11 AM (21 years ago)

Author:

ryan

Message:

Don't let users who cannot publish edit published posts, even their own. Make consistent use of user_can_create_post(). ​http://mosquito.wordpress.org/view.php?id=1004 Props: MC_incubus

File:

• trunk/wp-admin/post.php (modified) (3 diffs)

trunk/wp-admin/post.php

@@ -62 +62 @@
         $post_status = 'draft';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
         $post_status = 'draft';
     $comment_status = $_POST['comment_status'];
@@ -230 +230 @@
         die ( __('You are not allowed to view other users\' private posts.') );
 
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) {
+         _e('You are not allowed to edit published posts.');
+         break;
+    }
+
     if ($post_status == 'static') {
         $page_template = get_post_meta($post_ID, '_wp_page_template', true);
@@ -306 +311 @@
     if (isset($_POST['publish'])) $post_status = 'publish';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
         $post_status = 'draft';