Changeset 24593 for trunk/wp-admin/includes/post.php

Timestamp:

07/08/2013 08:05:42 PM (13 years ago)

Author:

nacin

Message:

Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.

File:

• trunk/wp-admin/includes/post.php (modified) (3 diffs)

trunk/wp-admin/includes/post.php

@@ -29 +29 @@
     $ptype = get_post_type_object( $post_data['post_type'] );
 
-    if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
+    if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
         if ( 'page' == $post_data['post_type'] )
             return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
@@ -173 +173 @@
 
     $ptype = get_post_type_object($post_data['post_type']);
-    if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
+    if ( !current_user_can( 'edit_post', $post_ID ) ) {
         if ( 'page' == $post_data['post_type'] )
             wp_die( __('You are not allowed to edit this page.' ));
@@ -375 +375 @@
         $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
 
-        if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
+        if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
             $skipped[] = $post_ID;
             continue;