[wp-trac] [WordPress Trac] #7832: Autosave fails for users with the "Author" role.

WordPress Trac wp-trac at lists.automattic.com
Mon Oct 6 00:06:45 GMT 2008


#7832: Autosave fails for users with the "Author" role.
----------------------------+-----------------------------------------------
 Reporter:  beaulebens      |       Owner:  anonymous   
     Type:  defect          |      Status:  new         
 Priority:  normal          |   Milestone:  2.7         
Component:  Administration  |     Version:              
 Severity:  normal          |    Keywords:  editor, ajax
----------------------------+-----------------------------------------------
 If a user's role is set as "Author" then the autosave functionality of the
 editor will fail. So far the symptoms I've seen have been either returning
 a 500 error from the AJAX request (seen in FireBug using FF3, although
 these errors are seen on all browsers), or also as a big error in the
 right editor sidebar saying "You are not allowed to edit posts as this
 user".

 When the error message appears, it also wraps the page content in the
 default admin error page layout (gray background, white box, rounded
 corners) and thus shrinks the page.

 I tracked it down to being because the AJAX POST is failing to include a
 user_ID value, so when the security checks are made, they fail. One way to
 fix this is to add the user_ID to the AJAX POST.

 /wp-includes/js/autosave.js -- Line 167, add:
 {{{
 user_ID: jQuery('#user-id').val() || 0,
 }}}

 If not through this method, then the user_ID needs to be derived from the
 request somehow else in /wp-admin/admin-ajax.php before line 565 (or
 somewhere in the flow of the wp_create_post_autosave() function) to avoid
 the error.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7832>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list