[wp-trac] [WordPress Trac] #24280: Privilege check in mt_publishPost

WordPress Trac noreply at wordpress.org
Wed May 13 00:41:05 UTC 2015


#24280: Privilege check in mt_publishPost
--------------------------+------------------------
 Reporter:  fgauthier     |       Owner:  chriscct7
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  4.3
Component:  XML-RPC       |     Version:  3.0
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+------------------------
Changes (by chriscct7):

 * keywords:  close => has-patch


Comment:

 Replying to [comment:8 johnbillion]:
 > [attachment:24280.patch] has the opposite of the intended affect. It
 allows someone with ''either'' the `edit_posts` or `publish_posts` cap to
 publish a post.
 >
 That's the intention. In the comments it is noted the publish_post cap
 doesn't exist at that point.



 > Replying to [comment:2 fgauthier]:
 > > In fact, I meant functions like blogger_newPost($args) and
 mw_newPost($args) that do not check the edit_post privilege when the
 status of the new post is set to 'publish'.
 >
 > `blogger_newPost()` and `mw_newPost()` both check the `edit_posts` cap
 too. Those functions, along with `mt_publishPost()`, all look correct to
 me. In order to publish a post, you also need the ability to edit that
 post.
 >
 > I think this ticket is invalid.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24280#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list