[wp-trac] [WordPress Trac] #22417: _wp_translate_postdata() should use current_user_can( $ptype->cap->edit_post, $post_id )
WordPress Trac
noreply at wordpress.org
Mon Nov 12 00:39:21 UTC 2012
#22417: _wp_translate_postdata() should use current_user_can(
$ptype->cap->edit_post, $post_id )
-----------------------------+--------------------------
Reporter: danielbachhuber | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: General
Version: | Severity: normal
Keywords: |
-----------------------------+--------------------------
Similar to #22415, _wp_translate_postdata() should use `current_user_can(
$ptype->cap->edit_post, $post_id )` here:
{{{
$ptype = get_post_type_object( $post_data['post_type'] );
if ( isset($post_data['user_ID']) && ($post_data['post_author'] !=
$post_data['user_ID']) ) {
if ( !current_user_can( $ptype->cap->edit_others_posts ) )
{
}}}
I think this is problematic too:
{{{
if ( $previous_status != 'publish' || !current_user_can( 'edit_post',
$post_id ) )
$post_data['post_status'] = 'pending';
}}}
Switching to `current_user_can( $ptype->cap->edit_post, $post_id )` would
mean that the context could be appropriately filtered.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22417>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list