Changeset 5074


Timestamp:
03/21/07 22:15:20 (8 years ago)
Author:
ryan
Message:

Check for publish caps when editing via xmlrpc.

File:
1 edited

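--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -847,4 +847,7 @@
       extract($actual_post);
 
+      if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+        return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+
       $post_title = xmlrpc_getposttitle($content);
       $post_category = xmlrpc_getpostcategory($content);
@@ -1073,10 +1076,4 @@
 
       set_current_user(0, $user_login);
-      if ( !current_user_can('edit_post', $post_ID) )
-        return new IXR_Error(401, 'Sorry, you can not edit this post.');
-
-      $postdata = wp_get_single_post($post_ID, ARRAY_A);
-      extract($postdata);
-        $this->escape($postdata);
 
         // The post_type defaults to post, but could also be page.
@@ -1088,4 +1085,12 @@
             $post_type = "page";
         }
+
+      // Edit page caps are checked in editPage.  Just check post here.
+      if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
+        return new IXR_Error(401, 'Sorry, you can not edit this post.');
+
+      $postdata = wp_get_single_post($post_ID, ARRAY_A);
+      extract($postdata);
+        $this->escape($postdata);
 
         // Let WordPress manage slug if none was provided.
@@ -1159,4 +1164,11 @@
       $post_more = $content_struct['mt_text_more'];
       $post_status = $publish ? 'publish' : 'draft';
+
+      if ( ('publish' == $post_status) ) {
+        if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
+            return new IXR_Error(401, 'Sorry, you do not have the right to publish this page.');
+        else if ( !current_user_can('publish_posts') )
+            return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+      }
 
       if ($post_more) {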
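Review bot: The edit check added at new lines 1088–1090 only runs when `$post_type` is 'post', so a request that reaches this code with `$post_type` set to "page" gets no capability check here at all. The comment relies on editPage having checked page caps, but the assignment of `$post_type` sits above the hunk; if it is taken from the client's content struct (as the "could also be page" comment suggests), a direct call to this method is not covered by editPage's check. I would check both types here, e.g. `$cap = ( 'page' == $post_type ) ? 'edit_page' : 'edit_post';` followed by `if ( !current_user_can($cap, $post_ID) )`, ideally after `wp_get_single_post()` so the type comes from the stored post rather than from the request. The enclosing function starts and ends outside the hunk.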