Timestamp:
04/05/2014 09:18:44 PM (6 years ago)
Author:
nacin
Message:

Better checks for contributors when saving posts.

props dd32, kovshenin, plocha.
see #27452.

File:
1 edited

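--- a/trunk/src/wp-admin/includes/post.php
+++ b/trunk/src/wp-admin/includes/post.php
@@ -87,4 +87,8 @@
             $post_data['post_status'] = 'draft';
         }
+
+        if ( ! get_post_status_object( $post_data['post_status'] ) ) {
+            unset( $post_data['post_status'] );
+        }
     }
 
@@ -107,4 +111,8 @@
     $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
 
+    if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        $post_data['post_status'] = $previous_status ? $previous_status : 'pending';
+    }
+
     $published_statuses = array( 'publish', 'future' );
 
@@ -117,4 +125,8 @@
     if ( ! isset( $post_data['post_status'] ) ) {
         $post_data['post_status'] = 'auto-draft' === $previous_status ? 'draft' : $previous_status;
+    }
+
+    if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        unset( $post_data['post_password'] );
     }
 
@@ -178,4 +190,12 @@
     $post_data['post_mime_type'] = $post->post_mime_type;
 
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
+
     $ptype = get_post_type_object($post_data['post_type']);
     if ( !current_user_can( 'edit_post', $post_ID ) ) {
@@ -194,8 +214,4 @@
             _wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) );
     }
-
-    $post_data = _wp_translate_postdata( true, $post_data );
-    if ( is_wp_error($post_data) )
-        wp_die( $post_data->get_error_message() );
 
     if ( isset($post_data['visibility']) ) {
@@ -215,4 +231,8 @@
     }
 
+    $post_data = _wp_translate_postdata( true, $post_data );
+    if ( is_wp_error($post_data) )
+        wp_die( $post_data->get_error_message() );
+
     // Post Formats
     if ( isset( $post_data['post_format'] ) )
@@ -351,4 +371,12 @@
     }
     unset($post_data['_status']);
+
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
 
     $post_IDs = array_map( 'intval', (array) $post_data['post'] );
@@ -442,8 +470,23 @@
         }
 
+        $post_data['post_type'] = $post->post_type;
         $post_data['post_mime_type'] = $post->post_mime_type;
         $post_data['guid'] = $post->guid;
 
+        foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
+            if ( ! isset( $post_data[ $field ] ) ) {
+                $post_data[ $field ] = $post->$field;
+            }
+        }
+
         $post_data['ID'] = $post_ID;
+        $post_data['post_ID'] = $post_ID;
+
+        $post_data = _wp_translate_postdata( true, $post_data );
+        if ( is_wp_error( $post_data ) ) {
+            $skipped[] = $post_ID;
+            continue;
+        }
+
         $updated[] = wp_update_post( $post_data );
 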
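Review bot: In the last hunk (bulk edit, new lines 472–490), `$post_data` serves as both the shared request data and the per-post working copy, so values written for one post appear to leak into the next. The `comment_status`/`ping_status`/`post_author` back-fill only runs when the key is unset, and `$post_data = _wp_translate_postdata( true, $post_data )` overwrites the shared array with one post's capability-adjusted result. If the enclosing loop (its header is outside the hunk; the `continue` implies one) does not reset the array, later posts would inherit the first post's author, comment settings and translated status. That would undercut the per-post capability check this commit adds. Keep a pristine copy: `$shared_post_data = $post_data;` before the loop and `$post_data = $shared_post_data;` as its first statement.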