From 15ff2bf8687363857c6d1266766c9f6014cdf594 Mon Sep 17 00:00:00 2001 From: markjaquith Date: Thu, 2 Oct 2008 04:10:54 +0000 Subject: [PATCH] Do not allow contributors to set the post slug for pending review posts. fixes #7805 git-svn-id: http://svn.automattic.com/wordpress/trunk@9055 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit-form-advanced.php | 5 ++++- wp-includes/post.php | 16 ++++++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 790bbcb0e3..9c4c5311b1 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -374,7 +374,8 @@ function post_slug_meta_box($post) { post_status && !current_user_can( 'publish_posts' ) ) ) + add_meta_box('slugdiv', __('Post Slug'), 'post_slug_meta_box', 'post', 'normal', 'core'); $authors = get_editable_user_ids( $current_user->id ); // TODO: ROLE SYSTEM if ( $post->post_author && !in_array($post->post_author, $authors) ) @@ -481,11 +482,13 @@ else
ID); ?> +post_status && !current_user_can( 'publish_posts' ) ) ) { ?>
ID) && ! empty($sample_permalink_html) ) : echo $sample_permalink_html; endif; ?>
+
diff --git a/wp-includes/post.php b/wp-includes/post.php index 4132db4356..85256b4f85 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -1350,21 +1350,25 @@ function wp_insert_post($postarr = array(), $wp_error = false) { $guid = get_post_field( 'guid', $post_ID ); } - // Create a valid post name. Drafts are allowed to have an empty + // Don't allow contributors to set to set the post slug for pending review posts + if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) ) + $post_name = ''; + + // Create a valid post name. Drafts and pending posts are allowed to have an empty // post name. if ( empty($post_name) ) { - if ( 'draft' != $post_status ) + if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) $post_name = sanitize_title($post_title); } else { $post_name = sanitize_title($post_name); } - // If the post date is empty (due to having been new or a draft) and status is not 'draft', set date to now + // If the post date is empty (due to having been new or a draft) and status is not 'draft' or 'pending', set date to now if ( empty($post_date) || '0000-00-00 00:00:00' == $post_date ) $post_date = current_time('mysql'); if ( empty($post_date_gmt) || '0000-00-00 00:00:00' == $post_date_gmt ) { - if ( !in_array($post_status, array('draft', 'pending')) ) + if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) $post_date_gmt = get_gmt_from_date($post_date); else $post_date_gmt = '0000-00-00 00:00:00'; @@ -1414,7 +1418,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) { if ( !isset($post_password) ) $post_password = ''; - if ( 'draft' != $post_status ) { + if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) { $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { @@ -1457,7 +1461,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) { $where = array( 'ID' => $post_ID ); } - if ( empty($post_name) && 'draft' != $post_status ) { + if ( empty($post_name) && !in_array( $post_status, array( 'draft', 'pending' ) ) ) { $post_name = sanitize_title($post_title, $post_ID); $wpdb->update( $wpdb->posts, compact( 'post_name' ), $where ); }