Changeset 33378
- Timestamp:
- 07/23/2015 04:18:49 AM (9 years ago)
- Location:
- branches/3.8
- Files:
-
- 4 edited
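--- a/branches/3.8/src/wp-admin/includes/dashboard.php
+++ b/branches/3.8/src/wp-admin/includes/dashboard.php
@@ -333,4 +333,8 @@
 function wp_dashboard_quick_press( $error_msg = false ) {
 global $post_ID;
+
+if ( ! current_user_can( 'edit_posts' ) ) {
+return;
+}
 
 /* Check if a new auto-draft (= no new post_ID) is needed or if the old can be used */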
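Review bot: The new `edit_posts` guard returns silently and carries no comment, so a later reader cannot tell that its position ahead of the auto-draft lookup is the point of the change. I would add `// Bail before an auto-draft is looked up or created for a user who cannot edit posts.` above the `if`, assuming the code after the `/* Check if a new auto-draft ... */` comment does create one. The guard only covers rendering the widget; the submission path needs its own capability check, which this changeset places in post.php. The body of wp_dashboard_quick_press continues outside the hunk.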
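--- a/branches/3.8/src/wp-admin/post.php
+++ b/branches/3.8/src/wp-admin/post.php
@@ -110,6 +110,7 @@
 $error_msg = __( 'Unable to submit this form, please refresh and try again.' );
 
-if ( ! current_user_can( 'edit_posts' ) )
-$error_msg = __( 'Oops, you don’t have access to add new drafts.' );
+if ( ! current_user_can( 'edit_posts' ) ) {
+exit;
+}
 
 if ( $error_msg )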
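Review bot: The bare `exit;` on new line 113 ends a refused request with an empty body and, presumably, the default success status, so a denied quick-draft submission looks like a blank page to the client and is hard to pick out in access logs. Consider `wp_die( __( 'Oops, you don’t have access to add new drafts.' ), '', array( 'response' => 403 ) );`, which reuses the string this hunk removes. If the silent exit is deliberate, a one-line comment saying so would do. The branch this check sits in opens above the hunk, so it cannot be confirmed from here that nothing touches post data before the check runs.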
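--- a/branches/3.8/src/wp-includes/capabilities.php
+++ b/branches/3.8/src/wp-includes/capabilities.php
@@ -1105,6 +1105,8 @@
 case 'edit_page':
 $post = get_post( $args[0] );
-if ( empty( $post ) )
+if ( empty( $post ) ) {
+$caps[] = 'do_not_allow';
 break;
+}
 
 if ( 'revision' == $post->post_type ) {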
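Review bot: Only the case ending in `case 'edit_page':` gains the `do_not_allow` fallback for a missing post. Any sibling cases in this switch that call `get_post( $args[0] )` and `break` on an empty result (the delete and read meta capabilities, for instance) lie outside the hunk and, if they follow the old pattern, would still return without adding a capability. They are worth checking and giving the same two lines. The new branch also deserves a comment such as `// No such post: deny explicitly instead of returning an empty capability list.`, since the reason for pushing a capability before `break` is not obvious from the code alone. The enclosing switch and function begin and end outside the hunk.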
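--- a/branches/3.8/tests/phpunit/tests/user/capabilities.php
+++ b/branches/3.8/tests/phpunit/tests/user/capabilities.php
@@ -699,3 +699,13 @@
 wp_set_current_user( $old_uid );
 }
+
+function test_subscriber_cant_edit_posts() {
+$user = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
+wp_set_current_user( $user->ID );
+
+$post = $this->factory->post->create( array( 'post_author' => 1 ) );
+
+$this->assertFalse( current_user_can( 'edit_post', $post ) );
+$this->assertFalse( current_user_can( 'edit_post', $post + 1 ) );
+}
 }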
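Review bot: `$post + 1` on new line 709 stands in for a post ID that does not exist, but nothing in the test says so, and the assumption holds only while no other post is created after `$post`. A named variable with a comment, e.g. `$missing_id = $post + 1; // no post has this ID`, would make the regression being pinned explicit. The test asserts `edit_post` only; an `edit_page` assertion with the same missing ID would cover the other label visible on the patched case in capabilities.php.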