From 6f37afb6ece704093aa1deb155f320f9384e86da Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Sun, 29 Nov 2015 02:27:18 +0000 Subject: [PATCH] When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it. Fixes #33694 Built from https://develop.svn.wordpress.org/trunk@35747 git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/capabilities.php | 26 ++++++++++++++++---------- wp-includes/version.php | 2 +- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php index 69bfb6fc50..7c570c4a1d 100644 --- a/wp-includes/capabilities.php +++ b/wp-includes/capabilities.php @@ -83,12 +83,15 @@ function map_meta_cap( $cap, $user_id ) { // If the post author is set and the user is the author... if ( $post->post_author && $user_id == $post->post_author ) { - // If the post is published... - if ( 'publish' == $post->post_status ) { + // If the post is published or scheduled... + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; } elseif ( 'trash' == $post->post_status ) { - if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) { + $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); + if ( in_array( $status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; + } else { + $caps[] = $post_type->cap->delete_posts; } } else { // If the post is draft... @@ -97,8 +100,8 @@ function map_meta_cap( $cap, $user_id ) { } else { // The user is trying to edit someone else's post. $caps[] = $post_type->cap->delete_others_posts; - // The post is published, extra cap required. - if ( 'publish' == $post->post_status ) { + // The post is published or scheduled, extra cap required. + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; } elseif ( 'private' == $post->post_status ) { $caps[] = $post_type->cap->delete_private_posts; @@ -141,12 +144,15 @@ function map_meta_cap( $cap, $user_id ) { // If the post author is set and the user is the author... if ( $post->post_author && $user_id == $post->post_author ) { - // If the post is published... - if ( 'publish' == $post->post_status ) { + // If the post is published or scheduled... + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; } elseif ( 'trash' == $post->post_status ) { - if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) { + $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); + if ( in_array( $status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; + } else { + $caps[] = $post_type->cap->edit_posts; } } else { // If the post is draft... @@ -155,8 +161,8 @@ function map_meta_cap( $cap, $user_id ) { } else { // The user is trying to edit someone else's post. $caps[] = $post_type->cap->edit_others_posts; - // The post is published, extra cap required. - if ( 'publish' == $post->post_status ) { + // The post is published or scheduled, extra cap required. + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; } elseif ( 'private' == $post->post_status ) { $caps[] = $post_type->cap->edit_private_posts; diff --git a/wp-includes/version.php b/wp-includes/version.php index a652937ae9..7dc041afc4 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-RC1-35746'; +$wp_version = '4.4-RC1-35747'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.