[wp-trac] [WordPress Trac] #18429: Create custom post types via XMLRPC
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 29 13:24:12 UTC 2012
#18429: Create custom post types via XMLRPC
----------------------------+------------------------
Reporter: nprasath002 | Owner: westi
Type: task (blessed) | Status: reviewing
Priority: normal | Milestone: 3.4
Component: XML-RPC | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------------
Comment (by nprasath002):
{{{
if ($post_data['post_type'] == 'post') {
if
(!current_user_can($post_type->cap->edit_others_posts))
return new IXR_Error(401, __('Sorry, you
are not allowed to stick this post.'));
$sticky = $post_data['sticky'] ? true : false;
if ($sticky) {
if ($post_data['post_status'] !=
'publish')
return new IXR_Error(401, __('Only
published posts can be made sticky.'));
stick_post($post_data['ID']);
}
else {
unstick_post($post_data['ID']);
}
}
}}}
Consider this code segment.
The cap check is in the wrong point.
We must validate the cap if the post is set to sticky.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18429#comment:17>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list