Make WordPress Core

Opened 7 years ago

Last modified 5 years ago

#16847 closed defect (bug)

Capability check fails for custom post type revision edit — at Initial Version

Reported by: anmari
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 3.0
Component: Revisions
Keywords: reporter-feedback has-patch dev-feedback
Focuses:
Cc:


I am using the nightly build (1 day old).

Steps to reproduce:

  1. Register post type with capability 'event'.
  2. Edit custom post type till you have some revisions.
  3. Attempt to view a revision. One gets sent to the normal posts edit.php screen.

I looked at revision.php and managed to work out that it was failing at

	if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )

I tried

	if ( !current_user_can( 'read_'.$post->post_type, $revision->ID ) || !current_user_can( 'read_'.$post->post_type, $post->ID ) )

but that still failed.

I commented out the check and was then able to view the revision.

I think this affects the autosave too as that was how I started looking at it.

So it looks like the problem is in the current_user_can check somehow not working out that the author or admin user is allowed to view or edit the revision?

Ticket 14122 may be relevant: http://core.trac.wordpress.org/ticket/14122 (detailed discussion about meta-caps?)

I also found that Ticket 14749 says it fixed something similar, but that was not a capability problem, so it is not relevant: http://core.trac.wordpress.org/changeset/14749

I back-tested and the behaviour occurs in 3.0, 3.1 and the nightly build.
