Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-26 14:54:57 +02:00
Code Issues Projects Releases Wiki Activity

Add a create_posts check to _wp_translate_postdata(). Move the edit_post check to the top of the function.

Browse Source 
Props nacin
fixes #22417


git-svn-id: http://core.svn.wordpress.org/trunk@22950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2012-11-30 14:03:47 +00:00
parent 0924e6facd
commit ea3e47bc08
1 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
wp-admin/includes/post.php
View File

@ -26,6 +26,20 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
if ( $update )
$post_data['ID'] = (int) $post_data['post_ID'];
$ptype = get_post_type_object( $post_data['post_type'] );
if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
} elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
}
if ( isset( $post_data['content'] ) )
$post_data['post_content'] = $post_data['content'];
@ -51,25 +65,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
}
}
$ptype = get_post_type_object( $post_data['post_type'] );
if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
if ( $update ) {
if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
} else {
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
}
}
} else {
if ( ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
} else {
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
}
}
}
if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
&& ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
}
// What to do based on which button they pressed