Undefined index: post_status when previewing post.

[szaqal21]

If a user doesn't have capability to publish posts there is no select list for setting post status in edit form and when previewing post, function post_preview() throws: PHP Notice: Undefined index: post_status in .../wp-admin/includes/post.php on line 1606.

[tyxla]

When user has no publish_posts capability, check for post_status before using it.

[tyxla]

Since the user has no publishing capabilities, the post status box should definitely not be there. So that is working correctly IMO. However, the post_status had to be checked before used, which is addressed in the patch above.

[boonebgorges]

Replying to tyxla:

Since the user has no publishing capabilities, the post status box should definitely not be there. So that is working correctly IMO. However, the post_status had to be checked before used, which is addressed in the patch above.

Yes, this is correct. Note that it takes a pretty odd set of circumstances to get to this point: you have to be previewing a post that you did not write, and therefore you must have 'edit_others_posts' (perhaps among other caps), but you can't have 'publish_posts'.

[boonebgorges]

In 31896:

Check that $_POST array index is set before comparing it in post_preview().

This prevents PHP notices in cases where a user with 'edit_others_posts' but
without 'publish_posts' previews another user's posts.

Props tyxla.
Fixes #31760.

[szaqal21]

In my case it was the posts author that was previewing his pending post (from edit form, previewing from posts table doesn't produce a notice). It's not that odd :) I think.

[jeremyclarke]

Nice to see this was fixed. I'll add another important scenario: User doesn't have edit_others_posts OR publish_posts, but a plugin is using map_meta_cap to delegate selective access to specific posts (certainly something intended by the map_meta_cap system which passes the post_id and author_id around for just such delegation).

My use case is an add-on to Edit Flow that lets users who are ticked in "Notifiations" (subscribed to a post) also edit it so we don't have to promote every user to 'Editor' in order to let them work together on posts.