[wp-trac] [WordPress Trac] #24153: Sticky flag gets unset if author doesn't have publish_posts permission
WordPress Trac
noreply at wordpress.org
Mon May 25 07:27:39 UTC 2015
#24153: Sticky flag gets unset if author doesn't have publish_posts permission
-----------------------------+-----------------------------
Reporter: archon810 | Owner: chriscct7
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.3
Component: Role/Capability | Version: 3.5
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
-----------------------------+-----------------------------
Comment (by chriscct7):
Replying to [comment:15 obenland]:
> But Grammar Nazi doesn't have `publish_posts`, only `edit_others_posts`.
>
That's correct. The problem is in the save routine, right now Grammar Nazi
can change the stickiness of the post because since he doesn't have both
caps, the save routine will assume the post was unstickied. By wrapping
the check in a cap check for both capabilities, Gramar Nazi cannot change
the stickiness of the post by editing the post because the part that
checks whether or not the post is sticky or not is circumvented by the
capability check
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24153#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list