

Timestamp:
10/29/2020 05:42:13 PM (4 years ago)
Author:
desrosj
Message:

XML-RPC: Improve error messages for unprivileged users.

Add specific permission checks to avoid ambiguous failure messages.

Props zieladam, peterwilsoncc, xknown, whyisjake.

File:
1 edited

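--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3877,4 +3877,19 @@
         }
 
+        if (
+            'publish' === get_post_status( $post_id ) &&
+            ! current_user_can( 'edit_post', $post_id ) &&
+            post_password_required( $post_id )
+        ) {
+            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+        }
+
+        if (
+            'private' === get_post_status( $post_id ) &&
+            ! current_user_can( 'read_post', $post_id )
+        ) {
+            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+        }
+
         $comment = array(
             'comment_post_ID' => $post_id,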
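Review bot: The two new guards are written per status, so a post whose status is neither `publish` nor `private` (a draft, pending or scheduled post, or a status registered by a plugin) passes both of them and reaches the `$comment = array(` construction. Whether an earlier guard already rejects those statuses cannot be seen here, because the enclosing method starts and ends outside the hunk. If none does, the second condition would be safer as a default-deny test, `'publish' !== get_post_status( $post_id ) &&` in place of `'private' === get_post_status( $post_id ) &&`, leaving the `read_post` capability check to decide. Reading the status once into a local, `$post_status = get_post_status( $post_id );`, would also avoid the repeated lookup. The first guard would benefit from a comment such as `// Password-protected posts: only users who can edit the post may comment.`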