Do not allow contributors to set the post slug for pending review posts. fixes #7805

git-svn-id: http://svn.automattic.com/wordpress/trunk@9055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2008-10-02 04:10:54 +00:00
parent 28d9d8fde9
commit 15ff2bf868
2 changed files with 14 additions and 7 deletions


@ -374,7 +374,8 @@ function post_slug_meta_box($post) {
<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
<?php
}
add_meta_box('slugdiv', __('Post Slug'), 'post_slug_meta_box', 'post', 'normal', 'core');
if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
add_meta_box('slugdiv', __('Post Slug'), 'post_slug_meta_box', 'post', 'normal', 'core');
$authors = get_editable_user_ids( $current_user->id ); // TODO: ROLE SYSTEM
if ( $post->post_author && !in_array($post->post_author, $authors) )
@ -481,11 +482,13 @@ else
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
<?php if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) ) { ?>
<div id="edit-slug-box">
<?php if ( ! empty($post->ID) && ! empty($sample_permalink_html) ) :
echo $sample_permalink_html;
endif; ?>
</div>
<?php } ?>
</div>
</div>
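Review bot: The condition `'pending' == $post->post_status && !current_user_can( 'publish_posts' )` is written out twice in this template (before `add_meta_box('slugdiv', …)` and around `#edit-slug-box`) and a third time in wp_insert_post(), so the form and the save path can drift apart if one copy is changed later. Hiding the fields only changes what is rendered, and the request can still carry a `post_name` value, so the check in wp_insert_post() is the one that enforces the rule. A comment above the first check would make that clear, for example `// Display only: wp_insert_post() discards post_name for pending posts from users without publish_posts.` Computing the condition once into a local variable and reusing it would keep the two template checks in step. Both hunks sit in top-level template code that continues outside what is shown.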


@ -1350,21 +1350,25 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
$guid = get_post_field( 'guid', $post_ID );
}
// Create a valid post name. Drafts are allowed to have an empty
// Don't allow contributors to set to set the post slug for pending review posts
if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )
$post_name = '';
// Create a valid post name. Drafts and pending posts are allowed to have an empty
// post name.
if ( empty($post_name) ) {
if ( 'draft' != $post_status )
if ( !in_array( $post_status, array( 'draft', 'pending' ) ) )
$post_name = sanitize_title($post_title);
} else {
$post_name = sanitize_title($post_name);
}
// If the post date is empty (due to having been new or a draft) and status is not 'draft', set date to now
// If the post date is empty (due to having been new or a draft) and status is not 'draft' or 'pending', set date to now
if ( empty($post_date) || '0000-00-00 00:00:00' == $post_date )
$post_date = current_time('mysql');
if ( empty($post_date_gmt) || '0000-00-00 00:00:00' == $post_date_gmt ) {
if ( !in_array($post_status, array('draft', 'pending')) )
if ( !in_array( $post_status, array( 'draft', 'pending' ) ) )
$post_date_gmt = get_gmt_from_date($post_date);
else
$post_date_gmt = '0000-00-00 00:00:00';
@ -1414,7 +1418,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
if ( !isset($post_password) )
$post_password = '';
if ( 'draft' != $post_status ) {
if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) {
$post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent));
if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {
@ -1457,7 +1461,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
$where = array( 'ID' => $post_ID );
}
if ( empty($post_name) && 'draft' != $post_status ) {
if ( empty($post_name) && !in_array( $post_status, array( 'draft', 'pending' ) ) ) {
$post_name = sanitize_title($post_title, $post_ID);
$wpdb->update( $wpdb->posts, compact( 'post_name' ), $where );
}
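Review bot: The new guard in the first hunk of wp_insert_post() takes its authorization decision from the ambient user (`current_user_can( 'publish_posts' )`) inside a data-layer function, and it hard-codes the post capability although the function also handles other post types (`$post_type` feeds the uniqueness query in the next hunk). Any caller that saves a pending post with no publishing user set, presumably imports or scheduled jobs, would have its slug silently cleared. A slug already stored on the post appears to be overwritten too once the empty value reaches the update, so both effects should be confirmed as intended. I would at least document this above the guard, e.g. `// Discards any submitted post_name for pending posts unless the current user can publish_posts; applies to every caller and post type.`, which also replaces the added comment's doubled "to set to set". The function body begins and ends outside these hunks.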