#31760 closed defect (bug) (fixed)
Undefined index: post_status when previewing post.
Reported by: | szaqal21 | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 4.2 | Priority: | normal |
Severity: | normal | Version: | 4.1.1 |
Component: | Posts, Post Types | Keywords: | has-patch |
Focuses: | Cc: |
Description
If a user doesn't have capability to publish posts there is no select list for setting post status in edit form and when previewing post, function post_preview() throws: PHP Notice: Undefined index: post_status in .../wp-admin/includes/post.php on line 1606.
Attachments (1)
Change History (8)
#1
follow-up:
↓ 2
@
10 years ago
- Keywords has-patch added
Since the user has no publishing capabilities, the post status box should definitely not be there. So that is working correctly IMO. However, the post_status
had to be checked before used, which is addressed in the patch above.
#2
in reply to:
↑ 1
@
10 years ago
- Milestone changed from Awaiting Review to 4.2
Replying to tyxla:
Since the user has no publishing capabilities, the post status box should definitely not be there. So that is working correctly IMO. However, the
post_status
had to be checked before used, which is addressed in the patch above.
Yes, this is correct. Note that it takes a pretty odd set of circumstances to get to this point: you have to be previewing a post that you did not write, and therefore you must have 'edit_others_posts' (perhaps among other caps), but you can't have 'publish_posts'.
#3
@
10 years ago
- Owner set to boonebgorges
- Resolution set to fixed
- Status changed from new to closed
In 31896:
#4
@
10 years ago
In my case it was the posts author that was previewing his pending post (from edit form, previewing from posts table doesn't produce a notice). It's not that odd :) I think.
#5
@
9 years ago
Nice to see this was fixed. I'll add another important scenario: User doesn't have edit_others_posts OR publish_posts, but a plugin is using map_meta_cap to delegate selective access to specific posts (certainly something intended by the map_meta_cap system which passes the post_id and author_id around for just such delegation).
My use case is an add-on to Edit Flow that lets users who are ticked in "Notifiations" (subscribed to a post) also edit it so we don't have to promote every user to 'Editor' in order to let them work together on posts.
When user has no
publish_posts
capability, check forpost_status
before using it.