[wp-trac] [WordPress Trac] #16847: Capability check fails for custom post type revision edit
WordPress Trac
wp-trac at lists.automattic.com
Sun Mar 13 12:02:09 UTC 2011
#16847: Capability check fails for custom post type revision edit
--------------------------+-----------------------------
Reporter: anmari | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Revisions | Version: 3.1
Severity: minor | Keywords: needs-patch
--------------------------+-----------------------------
I am using nightly build (1 day old).
Steps to reproduce:
1. Register post type with capability 'event'.
2. Edit custom post type till you have some revisions.
3. Attempt to view a revision. One gets sent to the normal posts edit.php
screen.
I looked at revision.php and managed to work out that it was failing at
{{{
if ( !current_user_can( 'read_post', $revision->ID ) ||
     !current_user_can( 'read_post', $post->ID ) )
}}}
I tried
{{{
if ( !current_user_can( 'read_' . $post->post_type, $revision->ID ) ||
     !current_user_can( 'read_' . $post->post_type, $post->ID ) )
}}}
but that still failed.
I commented out the check and was then able to view the revision.
I think this affects the autosave too as that was how I started looking at
it.
So it looks like the problem is in the current_user_can check somehow not
working out that the author or admin user is allowed to view or edit the
revision?
Ticket 14122 may be relevant:
http://core.trac.wordpress.org/ticket/14122 (detailed discussion about
meta-caps?)
I also found that Ticket 14749 says it fixed something similar, but that was
not a capability problem, so not relevant:
http://core.trac.wordpress.org/changeset/14749
I back-tested, and the behaviour occurs in 3.0, 3.1 and the nightly build.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16847>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software