[wp-trac] [WordPress Trac] #18429: Create custom post types via XMLRPC
WordPress Trac
wp-trac at lists.automattic.com
Tue Feb 7 14:04:55 UTC 2012
#18429: Create custom post types via XMLRPC
----------------------------+------------------------
Reporter: nprasath002 | Owner: westi
Type: task (blessed) | Status: reviewing
Priority: normal | Milestone: 3.4
Component: XML-RPC | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------------
Comment (by westi):
Replying to [comment:38 nprasath002]:
> The patch fixes some security flaws.
>
> For new posts
>
> {{{
> current_user_can( $cap );
> }}}
>
> For existing posts
>
> {{{
> current_user_can( $cap, $post_id );
> }}}
Good Catch, rather than splitting out the code and duplicating it I think
it might be cleaner to alter _wp_insert_post and just have post_id splits
around the calls to current_user_can with one call with and one without
depending on whether or not it is provided - otherwise we have to make
sure to keep two copies of the code in sync in future.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18429#comment:40>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list