Opened 11 years ago
Closed 9 years ago
#24280 closed defect (bug) (invalid)
Unit tests for mt_publishPost, blogger_newPost and mw_newPost
Reported by: | fgauthier | Owned by: | chriscct7 |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | XML-RPC | Keywords: | needs-unit-tests |
Focuses: | Cc: |
Description
The mt_publishPost function requires both the publish_posts and edit_post privileges to publish a post.
Elsewhere, the publish_posts privilege is sufficient to publish a post.
Attachments (1)
Change History (14)
#2
follow-up:
↓ 8
@
11 years ago
In fact, I meant functions like blogger_newPost($args) and mw_newPost($args) that do not check the edit_post privilege when the status of the new post is set to 'publish'.
In this context, it seemed strange to require the edit_post privilege to publish a post.
#3
@
11 years ago
wp.* methods are leading to me. So I rather fix blogger_newPost and mw_newPost if needed.
#5
@
9 years ago
- Keywords has-patch needs-testing added
- Milestone changed from Awaiting Review to 4.3
Fixes both permission issues
#8
in reply to:
↑ 2
;
follow-up:
↓ 9
@
9 years ago
- Keywords close added; has-patch needs-testing removed
24280.patch has the opposite of the intended affect. It allows someone with either the edit_posts
or publish_posts
cap to publish a post.
Replying to fgauthier:
In fact, I meant functions like blogger_newPost($args) and mw_newPost($args) that do not check the edit_post privilege when the status of the new post is set to 'publish'.
blogger_newPost()
and mw_newPost()
both check the edit_posts
cap too. Those functions, along with mt_publishPost()
, all look correct to me. In order to publish a post, you also need the ability to edit that post.
I think this ticket is invalid.
#9
in reply to:
↑ 8
@
9 years ago
- Keywords has-patch added; close removed
Replying to johnbillion:
24280.patch has the opposite of the intended affect. It allows someone with either the
edit_posts
orpublish_posts
cap to publish a post.
That's the intention. In the comments it is noted the publish_post cap doesn't exist at that point.
#10
follow-up:
↓ 12
@
9 years ago
- Keywords needs-unit-tests added; has-patch removed
- Milestone changed from 4.3 to Future Release
Discussed with Chris. Definitely invalid.
However, we could do with some tests here to prove this, so if someone wants to write tests which cover these methods then that would be super. We have existing tests for much of XML-RPC but not for these methods.
#11
@
9 years ago
- Summary changed from Privilege check in mt_publishPost to Unit tests for mt_publishPost, blogger_newPost and mw_newPost
#12
in reply to:
↑ 10
@
9 years ago
Replying to johnbillion:
Discussed with Chris. Definitely invalid.
However, we could do with some tests here to prove this, so if someone wants to write tests which cover these methods then that would be super. We have existing tests for much of XML-RPC but not for these methods.
Can we split that off into a new ticket?
If I look at _insert_post() what is used in the main XML-RPC methods you will see both checks there too.
Guess you mean that with elsewhere? or do you mean somewhere else in core?