Opened 15 years ago
Closed 15 years ago
#9403 closed defect (bug) (fixed)
Quick Edit can unintentionally alter post author
Reported by: | sojweb | Owned by: | sojweb |
---|---|---|---|
Milestone: | 2.8 | Priority: | normal |
Severity: | normal | Version: | 2.7 |
Component: | Quick/Bulk Edit | Keywords: | has-patch 2nd-opinion needs-testing |
Focuses: | Cc: |
Description
If a user authors a post, and that user's role is later switched to something that doesn't have edit capabilities, using quick edit on their post will switch the author to a different user. This shouldn't happen.
To reproduce:
- Create a test user with edit privileges
- Create post and set that user as the author
- Change that user's role to Subscriber
- Do a quick edit on the user's post
- The author of that post is always set to the user who did the quick edit
The problem is that, if the user no longer has edit privileges, they are left off the dropdown list of authors, but the blank field is filled in with the current user in _wp_translate_postdata(). The solution is a simple check in admin-ajax.php that fills in the field with the post author if it is blank.
Attachments (1)
Change History (7)
#3
@
15 years ago
- Keywords 2nd-opinion added; changes author removed
- Milestone changed from Unassigned to 2.8
- Version set to 2.7
Note: See
TracTickets for help on using
tickets.
This does not seem reproducible in current trunk. There is no "blank" author option in Quick Edit of a single post, so that forces the post_author field to be populated with something. The only way I could try to reproduce this is through Bulk Edit, and leaving the Author as -No Change- works properly without this patch, as far as I can tell.
I would suggest this be closed as worksforme or invalid, but I'm not sure which is more applicable. It may still be an issue in 2.7.x, I have not tested it there.