[wp-trac] [WordPress Trac] #24280: Privilege check in mt_publishPost
WordPress Trac
noreply at wordpress.org
Wed May 13 00:41:05 UTC 2015
#24280: Privilege check in mt_publishPost
--------------------------+------------------------
Reporter: fgauthier | Owner: chriscct7
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.3
Component: XML-RPC | Version: 3.0
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------
Changes (by chriscct7):
* keywords: close => has-patch
Comment:
Replying to [comment:8 johnbillion]:
> [attachment:24280.patch] has the opposite of the intended affect. It
allows someone with ''either'' the `edit_posts` or `publish_posts` cap to
publish a post.
>
That's the intention. In the comments it is noted the publish_post cap
doesn't exist at that point.
> Replying to [comment:2 fgauthier]:
> > In fact, I meant functions like blogger_newPost($args) and
mw_newPost($args) that do not check the edit_post privilege when the
status of the new post is set to 'publish'.
>
> `blogger_newPost()` and `mw_newPost()` both check the `edit_posts` cap
too. Those functions, along with `mt_publishPost()`, all look correct to
me. In order to publish a post, you also need the ability to edit that
post.
>
> I think this ticket is invalid.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24280#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list