Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#9403 closed defect (bug) (fixed)

Quick Edit can unintentionally alter post author

Reported by: sojweb Owned by: sojweb
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Quick/Bulk Edit Keywords: has-patch 2nd-opinion needs-testing
Focuses: Cc:


If a user authors a post, and that user's role is later switched to something that doesn't have edit capabilities, using quick edit on their post will switch the author to a different user. This shouldn't happen.

To reproduce:

  • Create a test user with edit privileges
  • Create post and set that user as the author
  • Change that user's role to Subscriber
  • Do a quick edit on the user's post
  • The author of that post is always set to the user who did the quick edit

The problem is that, if the user no longer has edit privileges, they are left off the dropdown list of authors, but the blank field is filled in with the current user in _wp_translate_postdata(). The solution is a simple check in admin-ajax.php that fills in the field with the post author if it is blank.

Attachments (1)

admin-ajax.php.diff (481 bytes) - added by sojweb 7 years ago.

Download all attachments as: .zip

Change History (7)

@sojweb7 years ago

comment:1 @sojweb7 years ago

  • Owner set to sojweb

comment:2 @sojweb7 years ago

  • Keywords has-patch added

comment:3 @Denis-de-Bernardy6 years ago

  • Keywords 2nd-opinion added; changes author removed
  • Milestone changed from Unassigned to 2.8
  • Version set to 2.7

comment:4 @jbsil6 years ago

This does not seem reproducible in current trunk. There is no "blank" author option in Quick Edit of a single post, so that forces the post_author field to be populated with something. The only way I could try to reproduce this is through Bulk Edit, and leaving the Author as -No Change- works properly without this patch, as far as I can tell.

I would suggest this be closed as worksforme or invalid, but I'm not sure which is more applicable. It may still be an issue in 2.7.x, I have not tested it there.

comment:5 @jbsil6 years ago

  • Keywords needs-testing added
  • Milestone changed from 2.8 to 2.7.2

Fixed in 2.8. Changing milestone to 2.7.2, where it needs to be tested (with and without the patch).

comment:6 @Denis-de-Bernardy6 years ago

  • Milestone changed from 2.7.2 to 2.8
  • Resolution set to fixed
  • Status changed from new to closed

there apparently won't be any 5.7.2

Note: See TracTickets for help on using tickets.