[wp-trac] [WordPress Trac] #25395: Potential bug of uploading images using media-upload

WordPress Trac noreply at wordpress.org
Mon Feb 17 09:13:51 UTC 2014


#25395: Potential bug of uploading images using media-upload
--------------------------+-----------------------
 Reporter:  alucard001    |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:
Component:  Upload        |     Version:  3.6.1
 Severity:  normal        |  Resolution:
 Keywords:  close         |     Focuses:
--------------------------+-----------------------
Changes (by dd32):

 * keywords:   => close


Comment:

 > Your reason about post and attachment is understood, what I am going
 after is the name: there is no such right as "edit_post", only
 "edit_posts".

 'edit_post' is a meta capability which is mapped to edit_posts and/or
 edit_private_posts and/or edit_others_posts here:
 https://core.trac.wordpress.org/browser/trunk/src/wp-
 includes/capabilities.php#L1104

 The actual caps it maps to are found here:
 https://core.trac.wordpress.org/browser/trunk/src/wp-
 includes/post.php#L1396

 It's hard to explain how the latter is setup, to truly understand it
 reading the Documentation in the file around that area, and adding some
 debugging cases in is really needed.

 basically what I'm saying, is that 'edit_post' is a special "Meta"
 capability which is mapped onto another "real" capability during the cap
 checks, checking for edit_post with a context of $post_id will check for
 'edit_posts' for an administrator, and for another user would check
 'edit_others_posts'.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25395#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list