diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index c684e32698..898a322ff7 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -4756,20 +4756,26 @@ class wp_xmlrpc_server extends IXR_Server {
 $post_author = $postdata['post_author'];
 // Only set the post_author if one is set.
- if ( isset($content_struct['wp_author_id']) && ($user->ID != $content_struct['wp_author_id']) ) {
- switch ( $post_type ) {
- case 'post':
- if ( !current_user_can('edit_others_posts') )
- return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) );
- break;
- case 'page':
- if ( !current_user_can('edit_others_pages') )
- return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) );
- break;
- default:
- return new IXR_Error( 401, __( 'Invalid post type' ) );
+ if ( isset( $content_struct['wp_author_id'] ) ) {
+ // Check permissions if attempting to switch author to or from another user.
+ if ( $user->ID != $content_struct['wp_author_id'] || $user->ID != $post_author ) {
+ switch ( $post_type ) {
+ case 'post':
+ if ( ! current_user_can( 'edit_others_posts' ) ) {
+ return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) );
+ }
+ break;
+ case 'page':
+ if ( ! current_user_can( 'edit_others_pages' ) ) {
+ return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) );
+ }
+ break;
+ default:
+ return new IXR_Error( 401, __( 'Invalid post type' ) );
+ break;
+ }
+ $post_author = $content_struct['wp_author_id'];
 }
- $post_author = $content_struct['wp_author_id'];
 }
 if ( isset($content_struct['mt_allow_comments']) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a9d2b1079f..238eee5272 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
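Review bot: `$content_struct['wp_author_id']` comes from the XML-RPC request, is compared with loose `!=` in the new inner `if`, and is then assigned to `$post_author` unchanged, so the value that passes the capability check is never normalised to a user ID. Casting once at the top of the outer block, `$author_id = (int) $content_struct['wp_author_id'];`, and using `$author_id` in both the comparison and the assignment would keep the check and the stored author in agreement; whether a later step already casts or validates the ID is not visible in this hunk. It may also be worth rejecting an ID for which `get_userdata()` returns false before assigning it. The `break;` added after `return new IXR_Error( 401, __( 'Invalid post type' ) );` in the `default:` case is unreachable and can be dropped. The enclosing method starts and ends outside the hunk.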
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.2-beta3-31982';
+$wp_version = '4.2-beta3-31983';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.