[wp-trac] [WordPress Trac] #24280: Privilege check in mt_publishPost
WordPress Trac
noreply at wordpress.org
Tue May 12 23:52:30 UTC 2015
#24280: Privilege check in mt_publishPost
--------------------------+------------------------
Reporter: fgauthier | Owner: chriscct7
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.3
Component: XML-RPC | Version: 3.0
Severity: normal | Resolution:
Keywords: close | Focuses:
--------------------------+------------------------
Changes (by johnbillion):
* keywords: has-patch needs-testing => close
Comment:
[attachment:24280.patch] has the opposite of the intended effect. It
allows someone with ''either'' the `edit_posts` or `publish_posts` cap to
publish a post.
Replying to [comment:2 fgauthier]:
> In fact, I meant functions like blogger_newPost($args) and
> mw_newPost($args) that do not check the edit_post privilege when the
> status of the new post is set to 'publish'.
`blogger_newPost()` and `blogger_newPost()` both check the `edit_posts`
cap too. Those functions, along with `mt_publishPost()`, all look correct
to me. In order to publish a post, you also need the ability to edit that
post.
I think this ticket is invalid.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24280#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform