Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#9403 closed defect (bug) (fixed)

Quick Edit can unintentionally alter post author

Reported by: sojweb's profile sojweb Owned by: sojweb's profile sojweb
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Quick/Bulk Edit Keywords: has-patch 2nd-opinion needs-testing
Focuses: Cc:

Description

If a user authors a post, and that user's role is later switched to something that doesn't have edit capabilities, using quick edit on their post will switch the author to a different user. This shouldn't happen.

To reproduce:

  • Create a test user with edit privileges
  • Create post and set that user as the author
  • Change that user's role to Subscriber
  • Do a quick edit on the user's post
  • The author of that post is always set to the user who did the quick edit

The problem is that, if the user no longer has edit privileges, they are left off the dropdown list of authors, but the blank field is filled in with the current user in _wp_translate_postdata(). The solution is a simple check in admin-ajax.php that fills in the field with the post author if it is blank.

Attachments (1)

admin-ajax.php.diff (481 bytes) - added by sojweb 15 years ago.

Download all attachments as: .zip

Change History (7)

#1 @sojweb
15 years ago

  • Owner set to sojweb

#2 @sojweb
15 years ago

  • Keywords has-patch added

#3 @Denis-de-Bernardy
15 years ago

  • Keywords 2nd-opinion added; changes author removed
  • Milestone changed from Unassigned to 2.8
  • Version set to 2.7

#4 @jbsil
15 years ago

This does not seem reproducible in current trunk. There is no "blank" author option in Quick Edit of a single post, so that forces the post_author field to be populated with something. The only way I could try to reproduce this is through Bulk Edit, and leaving the Author as -No Change- works properly without this patch, as far as I can tell.

I would suggest this be closed as worksforme or invalid, but I'm not sure which is more applicable. It may still be an issue in 2.7.x, I have not tested it there.

#5 @jbsil
15 years ago

  • Keywords needs-testing added
  • Milestone changed from 2.8 to 2.7.2

Fixed in 2.8. Changing milestone to 2.7.2, where it needs to be tested (with and without the patch).

#6 @Denis-de-Bernardy
15 years ago

  • Milestone changed from 2.7.2 to 2.8
  • Resolution set to fixed
  • Status changed from new to closed

there apparently won't be any 5.7.2

Note: See TracTickets for help on using tickets.