[wp-trac] [WordPress Trac] #31236: wp_ajax_upload_attachment does not properly handle situation when post_id is set
WordPress Trac
noreply at wordpress.org
Wed Mar 18 13:31:11 UTC 2015
#31236: wp_ajax_upload_attachment does not properly handle situation when post_id
is set
-------------------------------------+------------------
Reporter: johncacpro | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.2
Component: Media | Version: 4.1
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------
Comment (by joemcgill):
Sergey,
I totally trust your judgement on this one, but I'm a bit confused as to
how all this is supposed to work. It looks like `current_user_can()`
[https://core.trac.wordpress.org/browser/tags/4.1/src/wp-
includes/capabilities.php#L1355 only accepts one parameter]. The
[https://developer.wordpress.org/reference/functions/current_user_can/ WP
code reference] seems to confirm this but
[http://codex.wordpress.org/Function_Reference/current_user_can the codex
states otherwise].
Is there something I'm missing or are the docs (and some of the code in
core) out of sync with the actual internals for how `current_user_can()`
works?
Replying to [comment:3 SergeyBiryukov]:
> `current_user_can( 'edit_post', $post_id )` is correct, it's used in a
lot places in core. It breaks down to `edit_posts`,
`edit_published_posts`, or `edit_others_posts` for the post type, see
[source:tags/4.1/src/wp-includes/capabilities.php#L1115 map_meta_cap()].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31236#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list