Changeset 27976


Timestamp:
04/06/2014 10:15:05 PM (6 years ago)
Author:
nacin
Message:

Better checks for contributors when saving posts.

Merges [27964] and [27975] to the 3.8 branch.

props dd32, kovshenin, plocha.
see #27452.

Location:
branches/3.8
Files:
3 edited

  • branches/3.8

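--- a/branches/3.8/src/wp-admin/includes/class-wp-posts-list-table.php
+++ b/branches/3.8/src/wp-admin/includes/class-wp-posts-list-table.php
@@ -840,5 +840,5 @@
     endif; // post_type_supports author
 
-    if ( !$bulk ) :
+    if ( !$bulk && $can_publish ) :
     ?>
 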
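Review bot: The added `$can_publish` test on new line 842 only controls whether this part of the quick-edit form is rendered; it is not an access check, since a submitted request can still contain fields the form did not show. A short comment above the condition would make that explicit, for example `// Display only: the capability check for these fields is enforced when the post data is saved.` Both `$can_publish` and the block this condition guards lie outside the section, so how the flag is derived (presumably from the post type's `publish_posts` capability) cannot be confirmed from here.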
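--- a/branches/3.8/src/wp-admin/includes/post.php
+++ b/branches/3.8/src/wp-admin/includes/post.php
@@ -101,4 +101,8 @@
     $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
 
+    if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        $post_data['post_status'] = $previous_status ? $previous_status : 'pending';
+    }
+
     $published_statuses = array( 'publish', 'future' );
 
@@ -111,4 +115,8 @@
     if ( ! isset($post_data['post_status']) )
         $post_data['post_status'] = $previous_status;
+
+    if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        unset( $post_data['post_password'] );
+    }
 
     if (!isset( $post_data['comment_status'] ))
@@ -171,4 +179,12 @@
     $post_data['post_mime_type'] = $post->post_mime_type;
 
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
+
     $ptype = get_post_type_object($post_data['post_type']);
     if ( !current_user_can( 'edit_post', $post_ID ) ) {
@@ -188,7 +204,4 @@
     }
 
-    $post_data = _wp_translate_postdata( true, $post_data );
-    if ( is_wp_error($post_data) )
-        wp_die( $post_data->get_error_message() );
     if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
         $post_data['post_status'] = 'draft';
@@ -211,4 +224,8 @@
     }
 
+    $post_data = _wp_translate_postdata( true, $post_data );
+    if ( is_wp_error($post_data) )
+        wp_die( $post_data->get_error_message() );
+
     // Post Formats
     if ( isset( $post_data['post_format'] ) )
@@ -332,4 +349,12 @@
     }
     unset($post_data['_status']);
+
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
 
     $post_IDs = array_map( 'intval', (array) $post_data['post'] );
@@ -423,8 +448,23 @@
         }
 
+        $post_data['post_type'] = $post->post_type;
         $post_data['post_mime_type'] = $post->post_mime_type;
         $post_data['guid'] = $post->guid;
 
+        foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
+            if ( ! isset( $post_data[ $field ] ) ) {
+                $post_data[ $field ] = $post->$field;
+            }
+        }
+
         $post_data['ID'] = $post_ID;
+        $post_data['post_ID'] = $post_ID;
+
+        $post_data = _wp_translate_postdata( true, $post_data );
+        if ( is_wp_error( $post_data ) ) {
+            $skipped[] = $post_ID;
+            continue;
+        }
+
         $updated[] = wp_update_post( $post_data );
 
@@ -570,8 +610,4 @@
         return edit_post();
 
-    $translated = _wp_translate_postdata( false );
-    if ( is_wp_error($translated) )
-        return $translated;
-
     if ( isset($_POST['visibility']) ) {
         switch ( $_POST['visibility'] ) {
@@ -589,4 +625,8 @@
         }
     }
+
+    $translated = _wp_translate_postdata( false );
+    if ( is_wp_error($translated) )
+        return $translated;
 
     // Create the post.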
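Review bot: State leaks from one post to the next in the bulk-edit loop (new lines 450–469), because the return value of `_wp_translate_postdata()` is assigned back to `$post_data`, the same array every iteration writes into. After a post is skipped, `$post_data` holds a `WP_Error`, so the next iteration's `$post_data['post_type'] = $post->post_type;` acts on an object instead of an array. Likewise, the `comment_status`, `ping_status` and `post_author` defaults filled in for one post appear to stay set for the following posts, so the per-post capability checks would run against another post's values. A per-post copy avoids both problems: add `$post_fields = $post_data;` just before the `foreach` over the three fields, and use `$post_fields` from there through `wp_update_post( $post_fields )`. The loop header is outside this hunk, so this assumes `$post_data` is not reset at the top of each iteration.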