[wp-trac] [WordPress Trac] #24916: XML-RPC "wp_author_id" ignored when changing author to self
WordPress Trac
noreply at wordpress.org
Thu Aug 1 20:40:00 UTC 2013
#24916: XML-RPC "wp_author_id" ignored when changing author to self
--------------------------+-----------------------------
Reporter: redsweater | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: trunk
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
When using the MetaWeblog mw_editPost method to change the author of an
existing post from another user to the logged in user, the "wp_author_id"
field is not read from the content_struct because of a logic error in
mw_editPost().

The logic error is in this line:

{{{
if ( isset($content_struct['wp_author_id']) && ($user->ID != $content_struct['wp_author_id']) )
}}}

Here it is assumed that if the supplied author ID is the same as the
logged in user, then the supplied ID does not need to be read. However,
this is not true when the post being edited is in fact not currently in
the logged in user's authorship.

The attached patch fixes the problem and also clarifies the permissions
test so that it will reject any effort to change the author ID either to
another user's ID or from another user's ID, unless the logged in user has
permission to edit others' posts.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24916>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
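
The check described in the ticket, as an added stand-alone example (not the attached patch and not WordPress core code). The function names, the `$can_edit_others` flag standing in for the capability test, and the sample IDs are assumptions made for illustration:

```php
<?php
// Stand-alone model; no WordPress is loaded. All names here are hypothetical.

// The condition quoted in the ticket: decides whether wp_author_id is read at all.
// It compares the supplied ID with the caller only, never with the post's current author.
function author_field_read_quoted(array $content_struct, int $user_id): bool {
    return isset($content_struct['wp_author_id'])
        && ($user_id != $content_struct['wp_author_id']);
}

// Assumed correction: compare the supplied ID with the post's current author,
// and require the capability for every real change of author.
function resolve_author(array $content_struct, int $user_id, int $post_author, bool $can_edit_others): int {
    if (!isset($content_struct['wp_author_id'])) {
        return $post_author;               // nothing supplied, keep the current author
    }
    $new_author = (int) $content_struct['wp_author_id'];
    if ($new_author === $post_author) {
        return $post_author;               // no change requested
    }
    // A real change always moves the post to or from a user other than the caller
    // (if both IDs were the caller's, they would be equal), so it needs the capability.
    if (!$can_edit_others) {
        throw new RuntimeException('Not allowed to change the author of this post.');
    }
    return $new_author;
}

// Constructed case: caller 2 asks to become the author of a post owned by user 5.
$content_struct = ['wp_author_id' => 2];
$caller         = 2;
$current_author = 5;

// Quoted condition: is the field read for this request?
var_dump(author_field_read_quoted($content_struct, $caller));

// Corrected check, caller allowed to edit others' posts.
var_dump(resolve_author($content_struct, $caller, $current_author, true));

// Corrected check, caller without that permission.
try {
    resolve_author($content_struct, $caller, $current_author, false);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```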