
Changeset 5074


Timestamp:
03/21/2007 10:15:20 PM (11 years ago)
Author:
ryan
Message:

Check for publish caps when editing via xmlrpc.

File:
1 edited

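--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -847,4 +847,7 @@
       extract($actual_post);
 
+      if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+        return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+
       $post_title = xmlrpc_getposttitle($content);
       $post_category = xmlrpc_getpostcategory($content);
@@ -1073,10 +1076,4 @@
 
       set_current_user(0, $user_login);
-      if ( !current_user_can('edit_post', $post_ID) )
-        return new IXR_Error(401, 'Sorry, you can not edit this post.');
-
-      $postdata = wp_get_single_post($post_ID, ARRAY_A);
-      extract($postdata);
-        $this->escape($postdata);
 
         // The post_type defaults to post, but could also be page.
@@ -1088,4 +1085,12 @@
             $post_type = "page";
         }
+
+      // Edit page caps are checked in editPage.  Just check post here.
+      if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
+        return new IXR_Error(401, 'Sorry, you can not edit this post.');
+
+      $postdata = wp_get_single_post($post_ID, ARRAY_A);
+      extract($postdata);
+        $this->escape($postdata);
 
         // Let WordPress manage slug if none was provided.
@@ -1159,4 +1164,11 @@
       $post_more = $content_struct['mt_text_more'];
       $post_status = $publish ? 'publish' : 'draft';
+
+      if ( ('publish' == $post_status) ) {
+        if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
+            return new IXR_Error(401, 'Sorry, you do not have the right to publish this page.');
+        else if ( !current_user_can('publish_posts') )
+            return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+      }
 
       if ($post_more) {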
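Review bot: The edit check added at new lines 1089-1090 runs only when `$post_type` is 'post', and the context just above sets `$post_type` to "page" under a condition that lies outside the hunk; if that condition reads the client's content struct, a direct call to this method with a page type reaches `wp_get_single_post()` and whatever follows with no edit capability check on `$post_ID` at all. Relying on editPage having checked is safe only if this method can never be reached on its own, so the guard should stay unconditional and pick the capability by type, e.g. `if ( !current_user_can( ('page' == $post_type) ? 'edit_page' : 'edit_post', $post_ID ) )`. `extract($postdata)` now also runs after `$post_type` is computed and may overwrite it with the stored value, so the publish check at new lines 1167-1172 can see a different type than the edit check did. In that publish block the `else if` is also evaluated for a page whose user holds `publish_pages`, which additionally demands `publish_posts`; splitting it as `if ( 'page' == $post_type ) { … } else { … }` keeps the two capabilities separate. The enclosing functions start and end outside the visible hunks.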