Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-28 07:45:02 +02:00
Code Issues Projects Releases Wiki Activity

No need to check for the presence of a current user in a privileged ajax action. see #23665.

Browse Source 
git-svn-id: http://core.svn.wordpress.org/trunk@23889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-04-03 04:34:14 +00:00
parent 18b07129c9
commit b77e90c5bf
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/ajax-actions.php
View File

@ -1042,14 +1042,10 @@ function wp_ajax_autosave() {
if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
unset($_POST['post_category']);
$do_autosave = (bool) $_POST['autosave'];
$data = '';
$supplemental = array();
$id = $revision_id = 0;
if ( ! $user_id = get_current_user_id() )
wp_die('-1');
$post_id = (int) $_POST['post_id'];
$_POST['ID'] = $_POST['post_ID'] = $post_id;
$post = get_post($post_id);
@ -1064,7 +1060,7 @@ function wp_ajax_autosave() {
wp_die( __( 'You are not allowed to edit this post.' ) );
}
if ( $do_autosave ) {
if ( ! empty( $_POST['autosave'] ) ) {
// Drafts and auto-drafts are just overwritten by autosave for the same user
if ( $user_id == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
$id = edit_post();