
Changeset 49389


Timestamp:
10/29/2020 06:26:20 PM (4 years ago)
Author:
whyisjake
Message:

XML-RPC: Improve error messages for unprivileged users.

Add specific permission checks to avoid ambiguous failure messages.

This brings the changes in [49380] to the 5.5 branch.

Props zieladam, peterwilsoncc, xknown, whyisjake.

Location:
branches/5.5
Files:
2 edited

  • branches/5.5

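--- a/branches/5.5/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/branches/5.5/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3876,4 +3876,19 @@
         }
 
+        if (
+            'publish' === get_post_status( $post_id ) &&
+            ! current_user_can( 'edit_post', $post_id ) &&
+            post_password_required( $post_id )
+        ) {
+            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+        }
+
+        if (
+            'private' === get_post_status( $post_id ) &&
+            ! current_user_can( 'read_post', $post_id )
+        ) {
+            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+        }
+
         if ( empty( $content_struct['content'] ) ) {
             return new IXR_Error( 403, __( 'Comment is required.' ) );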
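Review bot: The two added guards deny by enumerating statuses (`'publish'` with a password, and `'private'`), so any other non-public status such as draft, pending, future or trash is not covered by these lines; whether an earlier check already rejects those cannot be seen here, because the enclosing method starts and ends outside the hunk. If nothing else does, a default-deny form would be safer: `$status = get_post_status( $post_id );` followed by `if ( 'publish' !== $status && ! current_user_can( 'read_post', $post_id ) ) {` with the same 403 return, keeping the password-protected branch as it is. Reading the status once also avoids the second `get_post_status()` call. A short comment above the block, e.g. `// Do not accept comments on posts the caller is not allowed to read.`, would record that these are access-control checks rather than message tweaks.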