[wp-trac] [WordPress Trac] #18429: Create custom post types via XMLRPC

WordPress Trac wp-trac at lists.automattic.com
Tue Feb 7 14:04:55 UTC 2012


#18429: Create custom post types via XMLRPC
----------------------------+------------------------
 Reporter:  nprasath002     |       Owner:  westi
     Type:  task (blessed)  |      Status:  reviewing
 Priority:  normal          |   Milestone:  3.4
Component:  XML-RPC         |     Version:
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |
----------------------------+------------------------

Comment (by westi):

 Replying to [comment:38 nprasath002]:
 > The patch fixes some security flaws.
 >
 > For new posts
 >
 > {{{
 > current_user_can( $cap );
 > }}}
 >
 > For existing posts
 >
 > {{{
 > current_user_can( $cap, $post_id );
 > }}}

 Good Catch, rather than splitting out the code and duplicating it I think
 it might be cleaner to alter _wp_insert_post and just have post_id splits
 around the calls to current_user_can with one call with and one without
 depending on whether or not it is provided - otherwise we have to make
 sure to keep two copies of the code in sync in future.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18429#comment:40>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list