Make WordPress Core

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#20473 closed defect (bug) (invalid)

cap fixes in mw_editpost

Reported by: nprasath002's profile nprasath002 Owned by:
Milestone: Priority: normal
Severity: critical Version: 3.4
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

the patch includes

  • moved the cap check below post type check (first we need to check the post type for capability check)
  • expand the cap check for pages
  • check cap for publishing post or setting it as private with post_ID

The checks were ok in 3.3 but changed in the trunk which breaks support for 'pages'.

Attachments (2)

cap_fixes.patch (2.2 KB) - added by nprasath002 12 years ago.
cap_fixes2.patch (2.2 KB) - added by nprasath002 12 years ago.

Download all attachments as: .zip

Change History (11)

#1 @SergeyBiryukov
12 years ago

__( "Sorry, you do not have the right to edit this {$post_type}." )

A dynamic string like that is not translatable, see #19099 or #20005 for example.

#2 @nprasath002
12 years ago

Just replaced the dynamic strings with post.
A more elaborate error message needs more boilerplate code.
I am not sure we need this?

#3 @SergeyBiryukov
12 years ago

I'd suggest "You are not allowed to edit this item", which is already used in several files:
http://core.trac.wordpress.org/browser/tags/3.3.1/wp-admin/post.php#L137

#4 @maxcutler
12 years ago

  • Milestone changed from Awaiting Review to 3.4

#5 @markoheijnen
12 years ago

Related ticket #20336

#6 @ryan
12 years ago

publish_$post_type caps do not exist.

#7 @ryan
12 years ago

And edit_post handles any post type. Since the allowed post types are limited to post and page, I don't think we need to make any changes here.

#8 @maxcutler
12 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#9 @SergeyBiryukov
12 years ago

  • Milestone 3.4 deleted
Note: See TracTickets for help on using tickets.