Changeset 27976

Timestamp:

04/06/2014 10:15:05 PM (10 years ago)

Author:

nacin

Message:

Better checks for contributors when saving posts.

Merges [27964] and [27975] to the 3.8 branch.

props dd32, kovshenin, plocha.
see #27452.

Location:

branches/3.8

Files:

• . (modified) (1 prop)
• src/wp-admin/includes/class-wp-posts-list-table.php (modified) (1 diff)
• src/wp-admin/includes/post.php (modified) (9 diffs)

branches/3.8/src/wp-admin/includes/class-wp-posts-list-table.php

@@ -840 +840 @@
     endif; // post_type_supports author
 
-    if ( !$bulk ) :
+    if ( !$bulk && $can_publish ) :
     ?>
 

branches/3.8/src/wp-admin/includes/post.php

@@ -101 +101 @@
     $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
 
+    if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        $post_data['post_status'] = $previous_status ? $previous_status : 'pending';
+    }
+
     $published_statuses = array( 'publish', 'future' );
 
@@ -111 +115 @@
     if ( ! isset($post_data['post_status']) )
         $post_data['post_status'] = $previous_status;
+
+    if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
+        unset( $post_data['post_password'] );
+    }
 
     if (!isset( $post_data['comment_status'] ))
@@ -171 +179 @@
     $post_data['post_mime_type'] = $post->post_mime_type;
 
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
+
     $ptype = get_post_type_object($post_data['post_type']);
     if ( !current_user_can( 'edit_post', $post_ID ) ) {
@@ -188 +204 @@
     }
 
-    $post_data = _wp_translate_postdata( true, $post_data );
-    if ( is_wp_error($post_data) )
-        wp_die( $post_data->get_error_message() );
     if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
         $post_data['post_status'] = 'draft';
@@ -211 +224 @@
     }
 
+    $post_data = _wp_translate_postdata( true, $post_data );
+    if ( is_wp_error($post_data) )
+        wp_die( $post_data->get_error_message() );
+
     // Post Formats
     if ( isset( $post_data['post_format'] ) )
@@ -332 +349 @@
     }
     unset($post_data['_status']);
+
+    if ( ! empty( $post_data['post_status'] ) ) {
+        $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+        if ( 'inherit' == $post_data['post_status'] ) {
+            unset( $post_data['post_status'] );
+        }
+    }
 
     $post_IDs = array_map( 'intval', (array) $post_data['post'] );
@@ -423 +448 @@
         }
 
+        $post_data['post_type'] = $post->post_type;
         $post_data['post_mime_type'] = $post->post_mime_type;
         $post_data['guid'] = $post->guid;
 
+        foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
+            if ( ! isset( $post_data[ $field ] ) ) {
+                $post_data[ $field ] = $post->$field;
+            }
+        }
+
         $post_data['ID'] = $post_ID;
+        $post_data['post_ID'] = $post_ID;
+
+        $post_data = _wp_translate_postdata( true, $post_data );
+        if ( is_wp_error( $post_data ) ) {
+            $skipped[] = $post_ID;
+            continue;
+        }
+
         $updated[] = wp_update_post( $post_data );
 
@@ -570 +610 @@
         return edit_post();
 
-    $translated = _wp_translate_postdata( false );
-    if ( is_wp_error($translated) )
-        return $translated;
-
     if ( isset($_POST['visibility']) ) {
         switch ( $_POST['visibility'] ) {
@@ -589 +625 @@
         }
     }
+
+    $translated = _wp_translate_postdata( false );
+    if ( is_wp_error($translated) )
+        return $translated;
 
     // Create the post.