Custom Post Type's capability_type and taxonomies used with the post type not considered when calling admin-ajax.php
|Reported by:||trabaria||Owned by:||trabaria|
For ajax-tag-search and get-tagcloud in admin-ajax.php, the custom post type with custom capability_type and taxonomies set to use with the post type is never considered as !current_user_can( 'edit_posts' ) is hard coded. For example, a custom post type MY_CPT with custom capability_type CPT allows users to have the capability edit_CPTs. A user who cannot edit_posts, but can edit_CPTs will see -1 when editing a MY_CPT post tags, if post_tags is in the array of taxonomies used with the post type.
Change History (9)
- Keywords has-patch added; capability_type post_type admin-ajax get-tagcloud ajax-tag-search removed
- Severity changed from critical to normal