authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-03-22 13:20:00 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-03-22 13:20:00 +0000
commitb48e6bc8762854b59515c18a3358700d2d07c2b1 (patch)
tree5a7c36900961c7fe5a6a80344d79041df5936e6b /xmlrpc.php
parent87ac457a9eb1e74bd7d45852e719e83b1b76cebc (diff)
WP Merge to rev 5081
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@931 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'xmlrpc.php')
-rw-r--r--xmlrpc.php24
1 files changed, 18 insertions, 6 deletions
diff --git a/xmlrpc.php b/xmlrpc.php
index 7e39687..1b314b9 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -856,6 +856,9 @@ class wp_xmlrpc_server extends IXR_Server {
extract($actual_post);
+ if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+
$post_title = xmlrpc_getposttitle($content);
$post_category = xmlrpc_getpostcategory($content);
$post_content = xmlrpc_removepostdata($content);
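Review bot: The `$post_status` tested in the added check is whatever `extract($actual_post)` put into scope, so it appears to be the stored status of the post rather than the status this request will save. If the caller's publish flag is applied elsewhere in the method (not visible in this hunk), that path is not covered by the new guard. Reading the value explicitly, e.g. `if ( ('publish' == $actual_post['post_status']) && !current_user_can('publish_posts') )`, makes the authorization input unambiguous. It also avoids relying on `extract()`, which can silently overwrite locals already defined in the method. The enclosing method starts and ends outside the hunk.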
@@ -1082,12 +1085,6 @@ class wp_xmlrpc_server extends IXR_Server {
}
set_current_user(0, $user_login);
- if ( !current_user_can('edit_post', $post_ID) )
- return new IXR_Error(401, 'Sorry, you can not edit this post.');
-
- $postdata = wp_get_single_post($post_ID, ARRAY_A);
- extract($postdata);
- $this->escape($postdata);
// The post_type defaults to post, but could also be page.
$post_type = "post";
@@ -1098,6 +1095,14 @@ class wp_xmlrpc_server extends IXR_Server {
$post_type = "page";
}
+ // Edit page caps are checked in editPage. Just check post here.
+ if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
+ return new IXR_Error(401, 'Sorry, you can not edit this post.');
+
+ $postdata = wp_get_single_post($post_ID, ARRAY_A);
+ extract($postdata);
+ $this->escape($postdata);
+
// Let WordPress manage slug if none was provided.
$post_name = "";
if(!empty($content_struct["wp_slug"])) {
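Review bot: The relocated `edit_post` check now runs only when `$post_type` is `'post'`, and the condition that switches it to `"page"` lies outside the hunk. If that value comes from the request struct rather than from the stored record for `$post_ID`, the capability check becomes optional for any caller that declares the type as page and reaches this method directly rather than through editPage. The authorization decision should not depend on a client-declared type; checking unconditionally with the matching capability closes that gap: `$cap = ( 'page' == $post_type ) ? 'edit_page' : 'edit_post';` followed by `if ( !current_user_can($cap, $post_ID) ) return new IXR_Error(401, 'Sorry, you can not edit this post.');`. The added comment should also say which caller guarantees the page check, since the method body continues outside the hunk.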
@@ -1169,6 +1174,13 @@ class wp_xmlrpc_server extends IXR_Server {
$post_more = $content_struct['mt_text_more'];
$post_status = $publish ? 'publish' : 'draft';
+ if ( ('publish' == $post_status) ) {
+ if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this page.');
+ else if ( !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+ }
+
if ($post_more) {
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
}
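Review bot: The `else if` in the added block pairs with the whole first condition, not just with the page test, so a page whose author does hold `publish_pages` falls through to the `publish_posts` check. That user is refused with the "publish this post" message unless they hold both capabilities. Restricting the second branch to posts fixes it: `else if ( ( 'page' != $post_type ) && !current_user_can('publish_posts') )`. The outer `if ( ('publish' == $post_status) )` also carries a redundant pair of parentheses.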