Revisions: clean up wp_ajax_revisions_data()
Reported by: azaozz | Owned by: (none listed)
See #23497. There are inconsistencies in wp_ajax_revisions_data(), mostly when getting/sanitizing the $_GET values.
We would probably need to pass the main post's ID every time and do current_user_can( 'edit_post', ID ). The code at the moment would show all revisions data to any logged-in user that has the 'view_post' capability. That cap is fine for the main post but not for revisions.
Change History (10)
- Milestone 3.6 deleted
- Resolution set to duplicate
- Status changed from new to closed
- Version trunk deleted
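
The check the ticket description asks for, as an added example that is not part of the original ticket and is not WordPress core code. The handler name, nonce action and the `post_id` / `revision_id` request parameters are assumptions; the WordPress functions called are existing core APIs.

```php
<?php
// Hypothetical handler; NOT core's wp_ajax_revisions_data().
function example_ajax_revisions_data() {
	// Hypothetical nonce action and request field name.
	check_ajax_referer( 'example-revisions-data', 'nonce' );

	// Cast every request value to a non-negative integer before use.
	$post_id     = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
	$revision_id = isset( $_GET['revision_id'] ) ? absint( $_GET['revision_id'] ) : 0;

	// The main post's ID is required on every request.
	$post = $post_id ? get_post( $post_id ) : null;
	if ( ! $post ) {
		wp_send_json_error( 'invalid_post', 404 );
	}

	// Authorize against the main post with the edit capability,
	// not a read-level capability.
	if ( ! current_user_can( 'edit_post', $post->ID ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	// The revision must exist and must belong to the post that was just
	// authorized; otherwise a caller could pair a post they may edit
	// with a revision ID taken from a different post.
	$revision = $revision_id ? wp_get_post_revision( $revision_id ) : null;
	if ( ! $revision || (int) $revision->post_parent !== (int) $post->ID ) {
		wp_send_json_error( 'invalid_revision', 404 );
	}

	// Return only the fields the client needs (constructed selection).
	wp_send_json_success(
		array(
			'id'       => (int) $revision->ID,
			'author'   => (int) $revision->post_author,
			'modified' => $revision->post_modified_gmt,
			'title'    => get_the_title( $revision ),
		)
	);
}
// Registered for logged-in users only; no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_example_revisions_data', 'example_ajax_revisions_data' );
```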