

Timestamp:
09/13/2013 09:21:16 PM (11 years ago)
Author:
wonderboymusic
Message:
  • Avoid notices in tests/ajax/Autosave by bailing early when get_post() returns nothing.
  • Check for the existence of $_POST['catslist'] before using it in wp_ajax_autosave().

See #25282.

File:
1 edited

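--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -1048,7 +1048,8 @@
     check_ajax_referer( 'autosave', 'autosavenonce' );
 
-    $_POST['post_category'] = explode(",", $_POST['catslist']);
-    if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
-        unset($_POST['post_category']);
+    if ( ! empty( $_POST['catslist'] ) )
+        $_POST['post_category'] = explode( ',', $_POST['catslist'] );
+    if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
+        unset( $_POST['post_category'] );
 
     $data = '';
@@ -1058,15 +1059,13 @@
     $post_id = (int) $_POST['post_id'];
     $_POST['ID'] = $_POST['post_ID'] = $post_id;
-    $post = get_post($post_id);
+    $post = get_post( $post_id );
+    if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )
+        wp_die( __( 'You are not allowed to edit this post.' ) );
+
+    if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) )
+        wp_die( __( 'You are not allowed to edit this page.' ) );
+
     if ( 'auto-draft' == $post->post_status )
         $_POST['post_status'] = 'draft';
-
-    if ( 'page' == $post->post_type ) {
-        if ( !current_user_can('edit_page', $post->ID) )
-            wp_die( __( 'You are not allowed to edit this page.' ) );
-    } else {
-        if ( !current_user_can('edit_post', $post->ID) )
-            wp_die( __( 'You are not allowed to edit this post.' ) );
-    }
 
     if ( ! empty( $_POST['autosave'] ) ) {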
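Review bot: On new lines 1050–1052 the added guard covers only `catslist`; `$_POST['post_type']` on line 1052 is still read without an existence check, so a request that omits it raises the same kind of notice this commit sets out to remove, and the page test there relies on the type the client claims rather than on the stored post, which is only loaded further down. A side effect of the guard is that a `post_category` value sent directly in the request is no longer overwritten when `catslist` is missing, so it passes through unnormalised unless the claimed type is `page`; whether later code consumes it is not visible here. Assigning unconditionally keeps the old overwrite without the notice: `$_POST['post_category'] = empty( $_POST['catslist'] ) ? array() : explode( ',', $_POST['catslist'] );`, with the type test written as `isset( $_POST['post_type'] ) && 'page' == $_POST['post_type']`. The enclosing function starts and ends outside both hunks.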