diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index 696b4328c7..a67412dc7d 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -2603,7 +2603,7 @@ function wp_ajax_get_revision_diffs() {
 if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
 wp_send_json_error();
- if ( ! current_user_can( 'read_post', $post->ID ) )
+ if ( ! current_user_can( 'edit_post', $post->ID ) )
 wp_send_json_error();
 // Really just pre-loading the cache here.
diff --git a/wp-admin/revision.php b/wp-admin/revision.php
index 0f48ef9a27..90c7a8a4af 100644
--- a/wp-admin/revision.php
+++ b/wp-admin/revision.php
@@ -63,7 +63,7 @@ default :
 if ( ! $post = get_post( $revision->post_parent ) )
 break;
- if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'read_post', $post->ID ) )
+ if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'edit_post', $revision->post_parent ) )
 break;
 // Revisions disabled and we're not looking at an autosave
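Review bot: The new `edit_post` check in wp_ajax_get_revision_diffs() (wp-admin/includes/ajax-actions.php) has no comment explaining why read access is no longer sufficient, and the parallel change in wp-admin/revision.php is undocumented in the same way. Without that, a later cleanup could relax it back to `read_post` without anyone noticing what it exposes. I would add above the check `// Revisions may hold content that was never published; require edit access, not just read access.` (the rationale is inferred from the change, so confirm it). The function continues past the end of the hunk, so it is not visible here whether the revisions it goes on to load are limited to those of `$post`; a regression test using an account that can read but not edit the post would pin the intended behaviour.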
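Review bot: In the `default :` branch of wp-admin/revision.php the condition now asks for `read_post` on `$revision->ID` and `edit_post` on `$revision->post_parent`, and nothing in the hunk says what the first, weaker test still contributes once edit access to the parent is required. A one-line comment such as `// Parent post must be editable by the user; the revision itself only has to be readable.` would stop the mixed capabilities being read as an oversight, assuming that is the intent. On failure the branch just does `break;`, and what follows the switch is outside the hunk, so confirm the denied request ends in a redirect or error and does not fall through to rendering. The other branches of this switch are also not visible here and should require at least the same capability on the parent post.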