@@ -64,137 +64,137 @@ |
||
64 | 64 | |
65 | 65 | switch ( $wp_list_table->current_action() ) { |
66 | 66 | |
67 | -case 'add-tag': |
|
67 | + case 'add-tag': |
|
68 | 68 | |
69 | - check_admin_referer( 'add-tag', '_wpnonce_add-tag' ); |
|
69 | + check_admin_referer( 'add-tag', '_wpnonce_add-tag' ); |
|
70 | 70 | |
71 | - if ( ! current_user_can( $tax->cap->edit_terms ) ) { |
|
72 | - wp_die( |
|
73 | - '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
74 | - '<p>' . __( 'Sorry, you are not allowed to add this item.' ) . '</p>', |
|
75 | - 403 |
|
76 | - ); |
|
77 | - } |
|
71 | + if ( ! current_user_can( $tax->cap->edit_terms ) ) { |
|
72 | + wp_die( |
|
73 | + '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
74 | + '<p>' . __( 'Sorry, you are not allowed to add this item.' ) . '</p>', |
|
75 | + 403 |
|
76 | + ); |
|
77 | + } |
|
78 | 78 | |
79 | - $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); |
|
80 | - $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
81 | - if ( 'post' != $post_type ) |
|
82 | - $location .= '&post_type=' . $post_type; |
|
79 | + $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); |
|
80 | + $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
81 | + if ( 'post' != $post_type ) |
|
82 | + $location .= '&post_type=' . $post_type; |
|
83 | 83 | |
84 | - if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
85 | - $location = $referer; |
|
86 | - } |
|
84 | + if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
85 | + $location = $referer; |
|
86 | + } |
|
87 | 87 | |
88 | - if ( $ret && !is_wp_error( $ret ) ) |
|
89 | - $location = add_query_arg( 'message', 1, $location ); |
|
90 | - else |
|
91 | - $location = add_query_arg( array( 'error' => true, 'message' => 4 ), $location ); |
|
88 | + if ( $ret && !is_wp_error( $ret ) ) |
|
89 | + $location = add_query_arg( 'message', 1, $location ); |
|
90 | + else |
|
91 | + $location = add_query_arg( array( 'error' => true, 'message' => 4 ), $location ); |
|
92 | 92 | |
93 | - break; |
|
93 | + break; |
|
94 | 94 | |
95 | -case 'delete': |
|
96 | - $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
97 | - if ( 'post' != $post_type ) |
|
98 | - $location .= '&post_type=' . $post_type; |
|
95 | + case 'delete': |
|
96 | + $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
97 | + if ( 'post' != $post_type ) |
|
98 | + $location .= '&post_type=' . $post_type; |
|
99 | 99 | |
100 | - if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
101 | - $location = $referer; |
|
102 | - } |
|
100 | + if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
101 | + $location = $referer; |
|
102 | + } |
|
103 | 103 | |
104 | - if ( ! isset( $_REQUEST['tag_ID'] ) ) { |
|
105 | - break; |
|
106 | - } |
|
104 | + if ( ! isset( $_REQUEST['tag_ID'] ) ) { |
|
105 | + break; |
|
106 | + } |
|
107 | 107 | |
108 | - $tag_ID = (int) $_REQUEST['tag_ID']; |
|
109 | - check_admin_referer( 'delete-tag_' . $tag_ID ); |
|
108 | + $tag_ID = (int) $_REQUEST['tag_ID']; |
|
109 | + check_admin_referer( 'delete-tag_' . $tag_ID ); |
|
110 | 110 | |
111 | - if ( ! current_user_can( $tax->cap->delete_terms ) ) { |
|
112 | - wp_die( |
|
113 | - '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
114 | - '<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>', |
|
115 | - 403 |
|
116 | - ); |
|
117 | - } |
|
111 | + if ( ! current_user_can( $tax->cap->delete_terms ) ) { |
|
112 | + wp_die( |
|
113 | + '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
114 | + '<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>', |
|
115 | + 403 |
|
116 | + ); |
|
117 | + } |
|
118 | 118 | |
119 | - wp_delete_term( $tag_ID, $taxonomy ); |
|
119 | + wp_delete_term( $tag_ID, $taxonomy ); |
|
120 | 120 | |
121 | - $location = add_query_arg( 'message', 2, $location ); |
|
121 | + $location = add_query_arg( 'message', 2, $location ); |
|
122 | 122 | |
123 | - break; |
|
123 | + break; |
|
124 | 124 | |
125 | -case 'bulk-delete': |
|
126 | - check_admin_referer( 'bulk-tags' ); |
|
125 | + case 'bulk-delete': |
|
126 | + check_admin_referer( 'bulk-tags' ); |
|
127 | 127 | |
128 | - if ( ! current_user_can( $tax->cap->delete_terms ) ) { |
|
129 | - wp_die( |
|
130 | - '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
131 | - '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>', |
|
132 | - 403 |
|
133 | - ); |
|
134 | - } |
|
128 | + if ( ! current_user_can( $tax->cap->delete_terms ) ) { |
|
129 | + wp_die( |
|
130 | + '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
131 | + '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>', |
|
132 | + 403 |
|
133 | + ); |
|
134 | + } |
|
135 | 135 | |
136 | - $tags = (array) $_REQUEST['delete_tags']; |
|
137 | - foreach ( $tags as $tag_ID ) { |
|
138 | - wp_delete_term( $tag_ID, $taxonomy ); |
|
139 | - } |
|
140 | - |
|
141 | - $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
142 | - if ( 'post' != $post_type ) |
|
143 | - $location .= '&post_type=' . $post_type; |
|
144 | - if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
145 | - $location = $referer; |
|
146 | - } |
|
136 | + $tags = (array) $_REQUEST['delete_tags']; |
|
137 | + foreach ( $tags as $tag_ID ) { |
|
138 | + wp_delete_term( $tag_ID, $taxonomy ); |
|
139 | + } |
|
147 | 140 | |
148 | - $location = add_query_arg( 'message', 6, $location ); |
|
141 | + $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
142 | + if ( 'post' != $post_type ) |
|
143 | + $location .= '&post_type=' . $post_type; |
|
144 | + if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
145 | + $location = $referer; |
|
146 | + } |
|
149 | 147 | |
150 | - break; |
|
148 | + $location = add_query_arg( 'message', 6, $location ); |
|
151 | 149 | |
152 | -case 'edit': |
|
153 | - if ( ! isset( $_REQUEST['tag_ID'] ) ) { |
|
154 | 150 | break; |
155 | - } |
|
156 | 151 | |
157 | - $term_id = (int) $_REQUEST['tag_ID']; |
|
158 | - $term = get_term( $term_id ); |
|
152 | + case 'edit': |
|
153 | + if ( ! isset( $_REQUEST['tag_ID'] ) ) { |
|
154 | + break; |
|
155 | + } |
|
159 | 156 | |
160 | - if ( ! $term instanceof WP_Term ) { |
|
161 | - wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
|
162 | - } |
|
157 | + $term_id = (int) $_REQUEST['tag_ID']; |
|
158 | + $term = get_term( $term_id ); |
|
163 | 159 | |
164 | - wp_redirect( esc_url_raw( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) ); |
|
165 | - exit; |
|
160 | + if ( ! $term instanceof WP_Term ) { |
|
161 | + wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
|
162 | + } |
|
166 | 163 | |
167 | -case 'editedtag': |
|
168 | - $tag_ID = (int) $_POST['tag_ID']; |
|
169 | - check_admin_referer( 'update-tag_' . $tag_ID ); |
|
164 | + wp_redirect( esc_url_raw( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) ); |
|
165 | + exit; |
|
170 | 166 | |
171 | - if ( ! current_user_can( $tax->cap->edit_terms ) ) { |
|
172 | - wp_die( |
|
173 | - '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
174 | - '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>', |
|
175 | - 403 |
|
176 | - ); |
|
177 | - } |
|
167 | + case 'editedtag': |
|
168 | + $tag_ID = (int) $_POST['tag_ID']; |
|
169 | + check_admin_referer( 'update-tag_' . $tag_ID ); |
|
178 | 170 | |
179 | - $tag = get_term( $tag_ID, $taxonomy ); |
|
180 | - if ( ! $tag ) |
|
181 | - wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
|
171 | + if ( ! current_user_can( $tax->cap->edit_terms ) ) { |
|
172 | + wp_die( |
|
173 | + '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . |
|
174 | + '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>', |
|
175 | + 403 |
|
176 | + ); |
|
177 | + } |
|
182 | 178 | |
183 | - $ret = wp_update_term( $tag_ID, $taxonomy, $_POST ); |
|
179 | + $tag = get_term( $tag_ID, $taxonomy ); |
|
180 | + if ( ! $tag ) |
|
181 | + wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
|
184 | 182 | |
185 | - $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
186 | - if ( 'post' != $post_type ) |
|
187 | - $location .= '&post_type=' . $post_type; |
|
183 | + $ret = wp_update_term( $tag_ID, $taxonomy, $_POST ); |
|
188 | 184 | |
189 | - if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
190 | - $location = $referer; |
|
191 | - } |
|
185 | + $location = 'edit-tags.php?taxonomy=' . $taxonomy; |
|
186 | + if ( 'post' != $post_type ) |
|
187 | + $location .= '&post_type=' . $post_type; |
|
192 | 188 | |
193 | - if ( $ret && !is_wp_error( $ret ) ) |
|
194 | - $location = add_query_arg( 'message', 3, $location ); |
|
195 | - else |
|
196 | - $location = add_query_arg( array( 'error' => true, 'message' => 5 ), $location ); |
|
197 | - break; |
|
189 | + if ( $referer && false !== strpos( $referer, 'edit-tags.php' ) ) { |
|
190 | + $location = $referer; |
|
191 | + } |
|
192 | + |
|
193 | + if ( $ret && !is_wp_error( $ret ) ) |
|
194 | + $location = add_query_arg( 'message', 3, $location ); |
|
195 | + else |
|
196 | + $location = add_query_arg( array( 'error' => true, 'message' => 5 ), $location ); |
|
197 | + break; |
|
198 | 198 | } |
199 | 199 | |
200 | 200 | if ( ! $location && ! empty( $_REQUEST['_wp_http_referer'] ) ) { |
@@ -15,87 +15,87 @@ |
||
15 | 15 | wp_reset_vars(array('action')); |
16 | 16 | |
17 | 17 | switch ( $action ) { |
18 | -case 'editattachment' : |
|
19 | - $attachment_id = (int) $_POST['attachment_id']; |
|
20 | - check_admin_referer('media-form'); |
|
21 | - |
|
22 | - if ( !current_user_can('edit_post', $attachment_id) ) |
|
23 | - wp_die ( __('Sorry, you are not allowed to edit this attachment.') ); |
|
24 | - |
|
25 | - $errors = media_upload_form_handler(); |
|
26 | - |
|
27 | - if ( empty($errors) ) { |
|
28 | - $location = 'media.php'; |
|
29 | - if ( $referer = wp_get_original_referer() ) { |
|
30 | - if ( false !== strpos($referer, 'upload.php') || ( url_to_postid($referer) == $attachment_id ) ) |
|
31 | - $location = $referer; |
|
32 | - } |
|
33 | - if ( false !== strpos($location, 'upload.php') ) { |
|
34 | - $location = remove_query_arg('message', $location); |
|
35 | - $location = add_query_arg('posted', $attachment_id, $location); |
|
36 | - } elseif ( false !== strpos($location, 'media.php') ) { |
|
37 | - $location = add_query_arg('message', 'updated', $location); |
|
18 | + case 'editattachment' : |
|
19 | + $attachment_id = (int) $_POST['attachment_id']; |
|
20 | + check_admin_referer('media-form'); |
|
21 | + |
|
22 | + if ( !current_user_can('edit_post', $attachment_id) ) |
|
23 | + wp_die ( __('Sorry, you are not allowed to edit this attachment.') ); |
|
24 | + |
|
25 | + $errors = media_upload_form_handler(); |
|
26 | + |
|
27 | + if ( empty($errors) ) { |
|
28 | + $location = 'media.php'; |
|
29 | + if ( $referer = wp_get_original_referer() ) { |
|
30 | + if ( false !== strpos($referer, 'upload.php') || ( url_to_postid($referer) == $attachment_id ) ) |
|
31 | + $location = $referer; |
|
32 | + } |
|
33 | + if ( false !== strpos($location, 'upload.php') ) { |
|
34 | + $location = remove_query_arg('message', $location); |
|
35 | + $location = add_query_arg('posted', $attachment_id, $location); |
|
36 | + } elseif ( false !== strpos($location, 'media.php') ) { |
|
37 | + $location = add_query_arg('message', 'updated', $location); |
|
38 | + } |
|
39 | + wp_redirect($location); |
|
40 | + exit; |
|
38 | 41 | } |
39 | - wp_redirect($location); |
|
40 | - exit; |
|
41 | - } |
|
42 | 42 | |
43 | - // No break. |
|
44 | -case 'edit' : |
|
45 | - $title = __('Edit Media'); |
|
43 | + // No break. |
|
44 | + case 'edit' : |
|
45 | + $title = __('Edit Media'); |
|
46 | 46 | |
47 | - if ( empty($errors) ) |
|
48 | - $errors = null; |
|
47 | + if ( empty($errors) ) |
|
48 | + $errors = null; |
|
49 | 49 | |
50 | - if ( empty( $_GET['attachment_id'] ) ) { |
|
51 | - wp_redirect( admin_url('upload.php') ); |
|
52 | - exit(); |
|
53 | - } |
|
54 | - $att_id = (int) $_GET['attachment_id']; |
|
55 | - |
|
56 | - if ( !current_user_can('edit_post', $att_id) ) |
|
57 | - wp_die ( __('Sorry, you are not allowed to edit this attachment.') ); |
|
58 | - |
|
59 | - $att = get_post($att_id); |
|
60 | - |
|
61 | - if ( empty($att->ID) ) wp_die( __('You attempted to edit an attachment that doesn’t exist. Perhaps it was deleted?') ); |
|
62 | - if ( 'attachment' !== $att->post_type ) wp_die( __('You attempted to edit an item that isn’t an attachment. Please go back and try again.') ); |
|
63 | - if ( $att->post_status == 'trash' ) wp_die( __('You can’t edit this attachment because it is in the Trash. Please move it out of the Trash and try again.') ); |
|
64 | - |
|
65 | - add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); |
|
66 | - |
|
67 | - wp_enqueue_script( 'wp-ajax-response' ); |
|
68 | - wp_enqueue_script('image-edit'); |
|
69 | - wp_enqueue_style('imgareaselect'); |
|
70 | - |
|
71 | - get_current_screen()->add_help_tab( array( |
|
72 | - 'id' => 'overview', |
|
73 | - 'title' => __('Overview'), |
|
74 | - 'content' => |
|
75 | - '<p>' . __('This screen allows you to edit five fields for metadata in a file within the media library.') . '</p>' . |
|
76 | - '<p>' . __('For images only, you can click on Edit Image under the thumbnail to expand out an inline image editor with icons for cropping, rotating, or flipping the image as well as for undoing and redoing. The boxes on the right give you more options for scaling the image, for cropping it, and for cropping the thumbnail in a different way than you crop the original image. You can click on Help in those boxes to get more information.') . '</p>' . |
|
77 | - '<p>' . __('Note that you crop the image by clicking on it (the Crop icon is already selected) and dragging the cropping frame to select the desired part. Then click Save to retain the cropping.') . '</p>' . |
|
78 | - '<p>' . __('Remember to click Update Media to save metadata entered or changed.') . '</p>' |
|
79 | - ) ); |
|
80 | - |
|
81 | - get_current_screen()->set_help_sidebar( |
|
82 | - '<p><strong>' . __('For more information:') . '</strong></p>' . |
|
83 | - '<p>' . __('<a href="https://codex.wordpress.org/Media_Add_New_Screen#Edit_Media" target="_blank">Documentation on Edit Media</a>') . '</p>' . |
|
84 | - '<p>' . __('<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' |
|
85 | - ); |
|
86 | - |
|
87 | - require( ABSPATH . 'wp-admin/admin-header.php' ); |
|
88 | - |
|
89 | - $parent_file = 'upload.php'; |
|
90 | - $message = ''; |
|
91 | - $class = ''; |
|
92 | - if ( isset($_GET['message']) ) { |
|
93 | - switch ( $_GET['message'] ) { |
|
50 | + if ( empty( $_GET['attachment_id'] ) ) { |
|
51 | + wp_redirect( admin_url('upload.php') ); |
|
52 | + exit(); |
|
53 | + } |
|
54 | + $att_id = (int) $_GET['attachment_id']; |
|
55 | + |
|
56 | + if ( !current_user_can('edit_post', $att_id) ) |
|
57 | + wp_die ( __('Sorry, you are not allowed to edit this attachment.') ); |
|
58 | + |
|
59 | + $att = get_post($att_id); |
|
60 | + |
|
61 | + if ( empty($att->ID) ) wp_die( __('You attempted to edit an attachment that doesn’t exist. Perhaps it was deleted?') ); |
|
62 | + if ( 'attachment' !== $att->post_type ) wp_die( __('You attempted to edit an item that isn’t an attachment. Please go back and try again.') ); |
|
63 | + if ( $att->post_status == 'trash' ) wp_die( __('You can’t edit this attachment because it is in the Trash. Please move it out of the Trash and try again.') ); |
|
64 | + |
|
65 | + add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); |
|
66 | + |
|
67 | + wp_enqueue_script( 'wp-ajax-response' ); |
|
68 | + wp_enqueue_script('image-edit'); |
|
69 | + wp_enqueue_style('imgareaselect'); |
|
70 | + |
|
71 | + get_current_screen()->add_help_tab( array( |
|
72 | + 'id' => 'overview', |
|
73 | + 'title' => __('Overview'), |
|
74 | + 'content' => |
|
75 | + '<p>' . __('This screen allows you to edit five fields for metadata in a file within the media library.') . '</p>' . |
|
76 | + '<p>' . __('For images only, you can click on Edit Image under the thumbnail to expand out an inline image editor with icons for cropping, rotating, or flipping the image as well as for undoing and redoing. The boxes on the right give you more options for scaling the image, for cropping it, and for cropping the thumbnail in a different way than you crop the original image. You can click on Help in those boxes to get more information.') . '</p>' . |
|
77 | + '<p>' . __('Note that you crop the image by clicking on it (the Crop icon is already selected) and dragging the cropping frame to select the desired part. Then click Save to retain the cropping.') . '</p>' . |
|
78 | + '<p>' . __('Remember to click Update Media to save metadata entered or changed.') . '</p>' |
|
79 | + ) ); |
|
80 | + |
|
81 | + get_current_screen()->set_help_sidebar( |
|
82 | + '<p><strong>' . __('For more information:') . '</strong></p>' . |
|
83 | + '<p>' . __('<a href="https://codex.wordpress.org/Media_Add_New_Screen#Edit_Media" target="_blank">Documentation on Edit Media</a>') . '</p>' . |
|
84 | + '<p>' . __('<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' |
|
85 | + ); |
|
86 | + |
|
87 | + require( ABSPATH . 'wp-admin/admin-header.php' ); |
|
88 | + |
|
89 | + $parent_file = 'upload.php'; |
|
90 | + $message = ''; |
|
91 | + $class = ''; |
|
92 | + if ( isset($_GET['message']) ) { |
|
93 | + switch ( $_GET['message'] ) { |
|
94 | 94 | case 'updated' : |
95 | 95 | $message = __('Media file updated.'); |
96 | 96 | $class = 'updated'; |
97 | 97 | break; |
98 | - } |
|
98 | + } |
|
99 | 99 | } |
100 | 100 | if ( $message ) |
101 | 101 | echo "<div id='message' class='$class'><p>$message</p></div>\n"; |
@@ -139,8 +139,8 @@ |
||
139 | 139 | |
140 | 140 | exit; |
141 | 141 | |
142 | -default: |
|
143 | - wp_redirect( admin_url('upload.php') ); |
|
144 | - exit; |
|
142 | + default: |
|
143 | + wp_redirect( admin_url('upload.php') ); |
|
144 | + exit; |
|
145 | 145 | |
146 | 146 | } |
@@ -30,56 +30,56 @@ |
||
30 | 30 | $redirect = 'edit.php'; |
31 | 31 | |
32 | 32 | switch ( $action ) { |
33 | -case 'restore' : |
|
34 | - if ( ! $revision = wp_get_post_revision( $revision_id ) ) |
|
35 | - break; |
|
33 | + case 'restore' : |
|
34 | + if ( ! $revision = wp_get_post_revision( $revision_id ) ) |
|
35 | + break; |
|
36 | 36 | |
37 | - if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) |
|
38 | - break; |
|
37 | + if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) |
|
38 | + break; |
|
39 | 39 | |
40 | - if ( ! $post = get_post( $revision->post_parent ) ) |
|
41 | - break; |
|
40 | + if ( ! $post = get_post( $revision->post_parent ) ) |
|
41 | + break; |
|
42 | 42 | |
43 | - // Restore if revisions are enabled or this is an autosave. |
|
44 | - if ( ! wp_revisions_enabled( $post ) && ! wp_is_post_autosave( $revision ) ) { |
|
45 | - $redirect = 'edit.php?post_type=' . $post->post_type; |
|
46 | - break; |
|
47 | - } |
|
43 | + // Restore if revisions are enabled or this is an autosave. |
|
44 | + if ( ! wp_revisions_enabled( $post ) && ! wp_is_post_autosave( $revision ) ) { |
|
45 | + $redirect = 'edit.php?post_type=' . $post->post_type; |
|
46 | + break; |
|
47 | + } |
|
48 | 48 | |
49 | - // Don't allow revision restore when post is locked |
|
50 | - if ( wp_check_post_lock( $post->ID ) ) |
|
51 | - break; |
|
49 | + // Don't allow revision restore when post is locked |
|
50 | + if ( wp_check_post_lock( $post->ID ) ) |
|
51 | + break; |
|
52 | 52 | |
53 | - check_admin_referer( "restore-post_{$revision->ID}" ); |
|
53 | + check_admin_referer( "restore-post_{$revision->ID}" ); |
|
54 | 54 | |
55 | - wp_restore_post_revision( $revision->ID ); |
|
56 | - $redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) ); |
|
57 | - break; |
|
58 | -case 'view' : |
|
59 | -case 'edit' : |
|
60 | -default : |
|
61 | - if ( ! $revision = wp_get_post_revision( $revision_id ) ) |
|
55 | + wp_restore_post_revision( $revision->ID ); |
|
56 | + $redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) ); |
|
62 | 57 | break; |
63 | - if ( ! $post = get_post( $revision->post_parent ) ) |
|
58 | + case 'view' : |
|
59 | + case 'edit' : |
|
60 | + default : |
|
61 | + if ( ! $revision = wp_get_post_revision( $revision_id ) ) |
|
62 | + break; |
|
63 | + if ( ! $post = get_post( $revision->post_parent ) ) |
|
64 | + break; |
|
65 | + |
|
66 | + if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'edit_post', $revision->post_parent ) ) |
|
67 | + break; |
|
68 | + |
|
69 | + // Revisions disabled and we're not looking at an autosave |
|
70 | + if ( ! wp_revisions_enabled( $post ) && ! wp_is_post_autosave( $revision ) ) { |
|
71 | + $redirect = 'edit.php?post_type=' . $post->post_type; |
|
72 | + break; |
|
73 | + } |
|
74 | + |
|
75 | + $post_edit_link = get_edit_post_link(); |
|
76 | + $post_title = '<a href="' . $post_edit_link . '">' . _draft_or_post_title() . '</a>'; |
|
77 | + $h1 = sprintf( __( 'Compare Revisions of “%1$s”' ), $post_title ); |
|
78 | + $return_to_post = '<a href="' . $post_edit_link . '">' . __( '← Return to editor' ) . '</a>'; |
|
79 | + $title = __( 'Revisions' ); |
|
80 | + |
|
81 | + $redirect = false; |
|
64 | 82 | break; |
65 | - |
|
66 | - if ( ! current_user_can( 'read_post', $revision->ID ) || ! current_user_can( 'edit_post', $revision->post_parent ) ) |
|
67 | - break; |
|
68 | - |
|
69 | - // Revisions disabled and we're not looking at an autosave |
|
70 | - if ( ! wp_revisions_enabled( $post ) && ! wp_is_post_autosave( $revision ) ) { |
|
71 | - $redirect = 'edit.php?post_type=' . $post->post_type; |
|
72 | - break; |
|
73 | - } |
|
74 | - |
|
75 | - $post_edit_link = get_edit_post_link(); |
|
76 | - $post_title = '<a href="' . $post_edit_link . '">' . _draft_or_post_title() . '</a>'; |
|
77 | - $h1 = sprintf( __( 'Compare Revisions of “%1$s”' ), $post_title ); |
|
78 | - $return_to_post = '<a href="' . $post_edit_link . '">' . __( '← Return to editor' ) . '</a>'; |
|
79 | - $title = __( 'Revisions' ); |
|
80 | - |
|
81 | - $redirect = false; |
|
82 | - break; |
|
83 | 83 | } |
84 | 84 | |
85 | 85 | // Empty post_type means either malformed object found, or no valid parent was found. |
@@ -31,226 +31,226 @@ |
||
31 | 31 | $caps = array(); |
32 | 32 | |
33 | 33 | switch ( $cap ) { |
34 | - case 'remove_user': |
|
35 | - $caps[] = 'remove_users'; |
|
36 | - break; |
|
37 | - case 'promote_user': |
|
38 | - case 'add_users': |
|
39 | - $caps[] = 'promote_users'; |
|
40 | - break; |
|
41 | - case 'edit_user': |
|
42 | - case 'edit_users': |
|
43 | - // Allow user to edit itself |
|
44 | - if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] ) |
|
34 | + case 'remove_user': |
|
35 | + $caps[] = 'remove_users'; |
|
45 | 36 | break; |
46 | - |
|
47 | - // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin. |
|
48 | - if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) { |
|
49 | - $caps[] = 'do_not_allow'; |
|
50 | - } else { |
|
51 | - $caps[] = 'edit_users'; // edit_user maps to edit_users. |
|
52 | - } |
|
53 | - break; |
|
54 | - case 'delete_post': |
|
55 | - case 'delete_page': |
|
56 | - $post = get_post( $args[0] ); |
|
57 | - if ( ! $post ) { |
|
58 | - $caps[] = 'do_not_allow'; |
|
37 | + case 'promote_user': |
|
38 | + case 'add_users': |
|
39 | + $caps[] = 'promote_users'; |
|
59 | 40 | break; |
60 | - } |
|
41 | + case 'edit_user': |
|
42 | + case 'edit_users': |
|
43 | + // Allow user to edit itself |
|
44 | + if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] ) |
|
45 | + break; |
|
61 | 46 | |
62 | - if ( 'revision' == $post->post_type ) { |
|
63 | - $post = get_post( $post->post_parent ); |
|
47 | + // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin. |
|
48 | + if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) { |
|
49 | + $caps[] = 'do_not_allow'; |
|
50 | + } else { |
|
51 | + $caps[] = 'edit_users'; // edit_user maps to edit_users. |
|
52 | + } |
|
53 | + break; |
|
54 | + case 'delete_post': |
|
55 | + case 'delete_page': |
|
56 | + $post = get_post( $args[0] ); |
|
64 | 57 | if ( ! $post ) { |
65 | 58 | $caps[] = 'do_not_allow'; |
66 | 59 | break; |
67 | 60 | } |
68 | - } |
|
69 | 61 | |
70 | - $post_type = get_post_type_object( $post->post_type ); |
|
71 | - if ( ! $post_type ) { |
|
72 | - /* translators: 1: post type, 2: capability name */ |
|
73 | - _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
74 | - $caps[] = 'edit_others_posts'; |
|
75 | - break; |
|
76 | - } |
|
62 | + if ( 'revision' == $post->post_type ) { |
|
63 | + $post = get_post( $post->post_parent ); |
|
64 | + if ( ! $post ) { |
|
65 | + $caps[] = 'do_not_allow'; |
|
66 | + break; |
|
67 | + } |
|
68 | + } |
|
77 | 69 | |
78 | - if ( ! $post_type->map_meta_cap ) { |
|
79 | - $caps[] = $post_type->cap->$cap; |
|
80 | - // Prior to 3.1 we would re-call map_meta_cap here. |
|
81 | - if ( 'delete_post' == $cap ) |
|
82 | - $cap = $post_type->cap->$cap; |
|
83 | - break; |
|
84 | - } |
|
70 | + $post_type = get_post_type_object( $post->post_type ); |
|
71 | + if ( ! $post_type ) { |
|
72 | + /* translators: 1: post type, 2: capability name */ |
|
73 | + _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
74 | + $caps[] = 'edit_others_posts'; |
|
75 | + break; |
|
76 | + } |
|
85 | 77 | |
86 | - // If the post author is set and the user is the author... |
|
87 | - if ( $post->post_author && $user_id == $post->post_author ) { |
|
88 | - // If the post is published or scheduled... |
|
89 | - if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
90 | - $caps[] = $post_type->cap->delete_published_posts; |
|
91 | - } elseif ( 'trash' == $post->post_status ) { |
|
92 | - $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); |
|
93 | - if ( in_array( $status, array( 'publish', 'future' ), true ) ) { |
|
78 | + if ( ! $post_type->map_meta_cap ) { |
|
79 | + $caps[] = $post_type->cap->$cap; |
|
80 | + // Prior to 3.1 we would re-call map_meta_cap here. |
|
81 | + if ( 'delete_post' == $cap ) |
|
82 | + $cap = $post_type->cap->$cap; |
|
83 | + break; |
|
84 | + } |
|
85 | + |
|
86 | + // If the post author is set and the user is the author... |
|
87 | + if ( $post->post_author && $user_id == $post->post_author ) { |
|
88 | + // If the post is published or scheduled... |
|
89 | + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
94 | 90 | $caps[] = $post_type->cap->delete_published_posts; |
91 | + } elseif ( 'trash' == $post->post_status ) { |
|
92 | + $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); |
|
93 | + if ( in_array( $status, array( 'publish', 'future' ), true ) ) { |
|
94 | + $caps[] = $post_type->cap->delete_published_posts; |
|
95 | + } else { |
|
96 | + $caps[] = $post_type->cap->delete_posts; |
|
97 | + } |
|
95 | 98 | } else { |
99 | + // If the post is draft... |
|
96 | 100 | $caps[] = $post_type->cap->delete_posts; |
97 | 101 | } |
98 | 102 | } else { |
99 | - // If the post is draft... |
|
100 | - $caps[] = $post_type->cap->delete_posts; |
|
101 | - } |
|
102 | - } else { |
|
103 | - // The user is trying to edit someone else's post. |
|
104 | - $caps[] = $post_type->cap->delete_others_posts; |
|
105 | - // The post is published or scheduled, extra cap required. |
|
106 | - if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
107 | - $caps[] = $post_type->cap->delete_published_posts; |
|
108 | - } elseif ( 'private' == $post->post_status ) { |
|
109 | - $caps[] = $post_type->cap->delete_private_posts; |
|
103 | + // The user is trying to edit someone else's post. |
|
104 | + $caps[] = $post_type->cap->delete_others_posts; |
|
105 | + // The post is published or scheduled, extra cap required. |
|
106 | + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
107 | + $caps[] = $post_type->cap->delete_published_posts; |
|
108 | + } elseif ( 'private' == $post->post_status ) { |
|
109 | + $caps[] = $post_type->cap->delete_private_posts; |
|
110 | + } |
|
110 | 111 | } |
111 | - } |
|
112 | - break; |
|
113 | - // edit_post breaks down to edit_posts, edit_published_posts, or |
|
114 | - // edit_others_posts |
|
115 | - case 'edit_post': |
|
116 | - case 'edit_page': |
|
117 | - $post = get_post( $args[0] ); |
|
118 | - if ( ! $post ) { |
|
119 | - $caps[] = 'do_not_allow'; |
|
120 | 112 | break; |
121 | - } |
|
122 | - |
|
123 | - if ( 'revision' == $post->post_type ) { |
|
124 | - $post = get_post( $post->post_parent ); |
|
113 | + // edit_post breaks down to edit_posts, edit_published_posts, or |
|
114 | + // edit_others_posts |
|
115 | + case 'edit_post': |
|
116 | + case 'edit_page': |
|
117 | + $post = get_post( $args[0] ); |
|
125 | 118 | if ( ! $post ) { |
126 | 119 | $caps[] = 'do_not_allow'; |
127 | 120 | break; |
128 | 121 | } |
129 | - } |
|
130 | 122 | |
131 | - $post_type = get_post_type_object( $post->post_type ); |
|
132 | - if ( ! $post_type ) { |
|
133 | - /* translators: 1: post type, 2: capability name */ |
|
134 | - _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
135 | - $caps[] = 'edit_others_posts'; |
|
136 | - break; |
|
137 | - } |
|
123 | + if ( 'revision' == $post->post_type ) { |
|
124 | + $post = get_post( $post->post_parent ); |
|
125 | + if ( ! $post ) { |
|
126 | + $caps[] = 'do_not_allow'; |
|
127 | + break; |
|
128 | + } |
|
129 | + } |
|
138 | 130 | |
139 | - if ( ! $post_type->map_meta_cap ) { |
|
140 | - $caps[] = $post_type->cap->$cap; |
|
141 | - // Prior to 3.1 we would re-call map_meta_cap here. |
|
142 | - if ( 'edit_post' == $cap ) |
|
143 | - $cap = $post_type->cap->$cap; |
|
144 | - break; |
|
145 | - } |
|
131 | + $post_type = get_post_type_object( $post->post_type ); |
|
132 | + if ( ! $post_type ) { |
|
133 | + /* translators: 1: post type, 2: capability name */ |
|
134 | + _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
135 | + $caps[] = 'edit_others_posts'; |
|
136 | + break; |
|
137 | + } |
|
146 | 138 | |
147 | - // If the post author is set and the user is the author... |
|
148 | - if ( $post->post_author && $user_id == $post->post_author ) { |
|
149 | - // If the post is published or scheduled... |
|
150 | - if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
151 | - $caps[] = $post_type->cap->edit_published_posts; |
|
152 | - } elseif ( 'trash' == $post->post_status ) { |
|
153 | - $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); |
|
154 | - if ( in_array( $status, array( 'publish', 'future' ), true ) ) { |
|
139 | + if ( ! $post_type->map_meta_cap ) { |
|
140 | + $caps[] = $post_type->cap->$cap; |
|
141 | + // Prior to 3.1 we would re-call map_meta_cap here. |
|
142 | + if ( 'edit_post' == $cap ) |
|
143 | + $cap = $post_type->cap->$cap; |
|
144 | + break; |
|
145 | + } |
|
146 | + |
|
147 | + // If the post author is set and the user is the author... |
|
148 | + if ( $post->post_author && $user_id == $post->post_author ) { |
|
149 | + // If the post is published or scheduled... |
|
150 | + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
155 | 151 | $caps[] = $post_type->cap->edit_published_posts; |
152 | + } elseif ( 'trash' == $post->post_status ) { |
|
153 | + $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); |
|
154 | + if ( in_array( $status, array( 'publish', 'future' ), true ) ) { |
|
155 | + $caps[] = $post_type->cap->edit_published_posts; |
|
156 | + } else { |
|
157 | + $caps[] = $post_type->cap->edit_posts; |
|
158 | + } |
|
156 | 159 | } else { |
160 | + // If the post is draft... |
|
157 | 161 | $caps[] = $post_type->cap->edit_posts; |
158 | 162 | } |
159 | 163 | } else { |
160 | - // If the post is draft... |
|
161 | - $caps[] = $post_type->cap->edit_posts; |
|
162 | - } |
|
163 | - } else { |
|
164 | - // The user is trying to edit someone else's post. |
|
165 | - $caps[] = $post_type->cap->edit_others_posts; |
|
166 | - // The post is published or scheduled, extra cap required. |
|
167 | - if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
168 | - $caps[] = $post_type->cap->edit_published_posts; |
|
169 | - } elseif ( 'private' == $post->post_status ) { |
|
170 | - $caps[] = $post_type->cap->edit_private_posts; |
|
164 | + // The user is trying to edit someone else's post. |
|
165 | + $caps[] = $post_type->cap->edit_others_posts; |
|
166 | + // The post is published or scheduled, extra cap required. |
|
167 | + if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { |
|
168 | + $caps[] = $post_type->cap->edit_published_posts; |
|
169 | + } elseif ( 'private' == $post->post_status ) { |
|
170 | + $caps[] = $post_type->cap->edit_private_posts; |
|
171 | + } |
|
171 | 172 | } |
172 | - } |
|
173 | - break; |
|
174 | - case 'read_post': |
|
175 | - case 'read_page': |
|
176 | - $post = get_post( $args[0] ); |
|
177 | - if ( ! $post ) { |
|
178 | - $caps[] = 'do_not_allow'; |
|
179 | 173 | break; |
180 | - } |
|
181 | - |
|
182 | - if ( 'revision' == $post->post_type ) { |
|
183 | - $post = get_post( $post->post_parent ); |
|
174 | + case 'read_post': |
|
175 | + case 'read_page': |
|
176 | + $post = get_post( $args[0] ); |
|
184 | 177 | if ( ! $post ) { |
185 | 178 | $caps[] = 'do_not_allow'; |
186 | 179 | break; |
187 | 180 | } |
188 | - } |
|
189 | 181 | |
190 | - $post_type = get_post_type_object( $post->post_type ); |
|
191 | - if ( ! $post_type ) { |
|
192 | - /* translators: 1: post type, 2: capability name */ |
|
193 | - _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
194 | - $caps[] = 'edit_others_posts'; |
|
195 | - break; |
|
196 | - } |
|
182 | + if ( 'revision' == $post->post_type ) { |
|
183 | + $post = get_post( $post->post_parent ); |
|
184 | + if ( ! $post ) { |
|
185 | + $caps[] = 'do_not_allow'; |
|
186 | + break; |
|
187 | + } |
|
188 | + } |
|
197 | 189 | |
198 | - if ( ! $post_type->map_meta_cap ) { |
|
199 | - $caps[] = $post_type->cap->$cap; |
|
200 | - // Prior to 3.1 we would re-call map_meta_cap here. |
|
201 | - if ( 'read_post' == $cap ) |
|
202 | - $cap = $post_type->cap->$cap; |
|
203 | - break; |
|
204 | - } |
|
190 | + $post_type = get_post_type_object( $post->post_type ); |
|
191 | + if ( ! $post_type ) { |
|
192 | + /* translators: 1: post type, 2: capability name */ |
|
193 | + _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
194 | + $caps[] = 'edit_others_posts'; |
|
195 | + break; |
|
196 | + } |
|
205 | 197 | |
206 | - $status_obj = get_post_status_object( $post->post_status ); |
|
207 | - if ( $status_obj->public ) { |
|
208 | - $caps[] = $post_type->cap->read; |
|
209 | - break; |
|
210 | - } |
|
198 | + if ( ! $post_type->map_meta_cap ) { |
|
199 | + $caps[] = $post_type->cap->$cap; |
|
200 | + // Prior to 3.1 we would re-call map_meta_cap here. |
|
201 | + if ( 'read_post' == $cap ) |
|
202 | + $cap = $post_type->cap->$cap; |
|
203 | + break; |
|
204 | + } |
|
211 | 205 | |
212 | - if ( $post->post_author && $user_id == $post->post_author ) { |
|
213 | - $caps[] = $post_type->cap->read; |
|
214 | - } elseif ( $status_obj->private ) { |
|
215 | - $caps[] = $post_type->cap->read_private_posts; |
|
216 | - } else { |
|
217 | - $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
218 | - } |
|
219 | - break; |
|
220 | - case 'publish_post': |
|
221 | - $post = get_post( $args[0] ); |
|
222 | - if ( ! $post ) { |
|
223 | - $caps[] = 'do_not_allow'; |
|
224 | - break; |
|
225 | - } |
|
206 | + $status_obj = get_post_status_object( $post->post_status ); |
|
207 | + if ( $status_obj->public ) { |
|
208 | + $caps[] = $post_type->cap->read; |
|
209 | + break; |
|
210 | + } |
|
226 | 211 | |
227 | - $post_type = get_post_type_object( $post->post_type ); |
|
228 | - if ( ! $post_type ) { |
|
229 | - /* translators: 1: post type, 2: capability name */ |
|
230 | - _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
231 | - $caps[] = 'edit_others_posts'; |
|
212 | + if ( $post->post_author && $user_id == $post->post_author ) { |
|
213 | + $caps[] = $post_type->cap->read; |
|
214 | + } elseif ( $status_obj->private ) { |
|
215 | + $caps[] = $post_type->cap->read_private_posts; |
|
216 | + } else { |
|
217 | + $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
218 | + } |
|
232 | 219 | break; |
233 | - } |
|
220 | + case 'publish_post': |
|
221 | + $post = get_post( $args[0] ); |
|
222 | + if ( ! $post ) { |
|
223 | + $caps[] = 'do_not_allow'; |
|
224 | + break; |
|
225 | + } |
|
226 | + |
|
227 | + $post_type = get_post_type_object( $post->post_type ); |
|
228 | + if ( ! $post_type ) { |
|
229 | + /* translators: 1: post type, 2: capability name */ |
|
230 | + _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
|
231 | + $caps[] = 'edit_others_posts'; |
|
232 | + break; |
|
233 | + } |
|
234 | 234 | |
235 | - $caps[] = $post_type->cap->publish_posts; |
|
236 | - break; |
|
237 | - case 'edit_post_meta': |
|
238 | - case 'delete_post_meta': |
|
239 | - case 'add_post_meta': |
|
240 | - $post = get_post( $args[0] ); |
|
241 | - if ( ! $post ) { |
|
242 | - $caps[] = 'do_not_allow'; |
|
235 | + $caps[] = $post_type->cap->publish_posts; |
|
243 | 236 | break; |
244 | - } |
|
237 | + case 'edit_post_meta': |
|
238 | + case 'delete_post_meta': |
|
239 | + case 'add_post_meta': |
|
240 | + $post = get_post( $args[0] ); |
|
241 | + if ( ! $post ) { |
|
242 | + $caps[] = 'do_not_allow'; |
|
243 | + break; |
|
244 | + } |
|
245 | 245 | |
246 | - $post_type = get_post_type( $post ); |
|
246 | + $post_type = get_post_type( $post ); |
|
247 | 247 | |
248 | - $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
248 | + $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
249 | 249 | |
250 | - $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; |
|
250 | + $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; |
|
251 | 251 | |
252 | - if ( $meta_key && ( has_filter( "auth_post_meta_{$meta_key}" ) || has_filter( "auth_post_{$post_type}_meta_{$meta_key}" ) ) ) { |
|
253 | - /** |
|
252 | + if ( $meta_key && ( has_filter( "auth_post_meta_{$meta_key}" ) || has_filter( "auth_post_{$post_type}_meta_{$meta_key}" ) ) ) { |
|
253 | + /** |
|
254 | 254 | * Filters whether the user is allowed to add post meta to a post. |
255 | 255 | * |
256 | 256 | * The dynamic portion of the hook name, `$meta_key`, refers to the |
@@ -265,9 +265,9 @@
265 | 265 | * @param string $cap Capability name. |
266 | 266 | * @param array $caps User capabilities. |
267 | 267 | */ |
268 | - $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); |
|
268 | + $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); |
|
269 | 269 | |
270 | - /** |
|
270 | + /** |
|
271 | 271 | * Filters whether the user is allowed to add post meta to a post of a given type. |
272 | 272 | * |
273 | 273 | * The dynamic portions of the hook name, `$meta_key` and `$post_type`, |
@@ -282,131 +282,131 @@
282 | 282 | * @param string $cap Capability name. |
283 | 283 | * @param array $caps User capabilities. |
284 | 284 | */ |
285 | - $allowed = apply_filters( "auth_post_{$post_type}_meta_{$meta_key}", $allowed, $meta_key, $post->ID, $user_id, $cap, $caps ); |
|
285 | + $allowed = apply_filters( "auth_post_{$post_type}_meta_{$meta_key}", $allowed, $meta_key, $post->ID, $user_id, $cap, $caps ); |
|
286 | 286 | |
287 | - if ( ! $allowed ) |
|
287 | + if ( ! $allowed ) |
|
288 | + $caps[] = $cap; |
|
289 | + } elseif ( $meta_key && is_protected_meta( $meta_key, 'post' ) ) { |
|
288 | 290 | $caps[] = $cap; |
289 | - } elseif ( $meta_key && is_protected_meta( $meta_key, 'post' ) ) { |
|
290 | - $caps[] = $cap; |
|
291 | - } |
|
292 | - break; |
|
293 | - case 'edit_comment': |
|
294 | - $comment = get_comment( $args[0] ); |
|
295 | - if ( ! $comment ) { |
|
296 | - $caps[] = 'do_not_allow'; |
|
291 | + } |
|
297 | 292 | break; |
298 | - } |
|
293 | + case 'edit_comment': |
|
294 | + $comment = get_comment( $args[0] ); |
|
295 | + if ( ! $comment ) { |
|
296 | + $caps[] = 'do_not_allow'; |
|
297 | + break; |
|
298 | + } |
|
299 | 299 | |
300 | - $post = get_post( $comment->comment_post_ID ); |
|
300 | + $post = get_post( $comment->comment_post_ID ); |
|
301 | 301 | |
302 | - /* |
|
302 | + /* |
|
303 | 303 | * If the post doesn't exist, we have an orphaned comment. |
304 | 304 | * Fall back to the edit_posts capability, instead. |
305 | 305 | */ |
306 | - if ( $post ) { |
|
307 | - $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
308 | - } else { |
|
309 | - $caps = map_meta_cap( 'edit_posts', $user_id ); |
|
310 | - } |
|
311 | - break; |
|
312 | - case 'unfiltered_upload': |
|
313 | - if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) |
|
314 | - $caps[] = $cap; |
|
315 | - else |
|
316 | - $caps[] = 'do_not_allow'; |
|
317 | - break; |
|
318 | - case 'unfiltered_html' : |
|
319 | - // Disallow unfiltered_html for all users, even admins and super admins. |
|
320 | - if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) |
|
321 | - $caps[] = 'do_not_allow'; |
|
322 | - elseif ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
323 | - $caps[] = 'do_not_allow'; |
|
324 | - else |
|
325 | - $caps[] = $cap; |
|
326 | - break; |
|
327 | - case 'edit_files': |
|
328 | - case 'edit_plugins': |
|
329 | - case 'edit_themes': |
|
330 | - // Disallow the file editors. |
|
331 | - if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) |
|
332 | - $caps[] = 'do_not_allow'; |
|
333 | - elseif ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) |
|
334 | - $caps[] = 'do_not_allow'; |
|
335 | - elseif ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
336 | - $caps[] = 'do_not_allow'; |
|
337 | - else |
|
338 | - $caps[] = $cap; |
|
339 | - break; |
|
340 | - case 'update_plugins': |
|
341 | - case 'delete_plugins': |
|
342 | - case 'install_plugins': |
|
343 | - case 'upload_plugins': |
|
344 | - case 'update_themes': |
|
345 | - case 'delete_themes': |
|
346 | - case 'install_themes': |
|
347 | - case 'upload_themes': |
|
348 | - case 'update_core': |
|
349 | - // Disallow anything that creates, deletes, or updates core, plugin, or theme files. |
|
350 | - // Files in uploads are excepted. |
|
351 | - if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) { |
|
352 | - $caps[] = 'do_not_allow'; |
|
353 | - } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { |
|
354 | - $caps[] = 'do_not_allow'; |
|
355 | - } elseif ( 'upload_themes' === $cap ) { |
|
356 | - $caps[] = 'install_themes'; |
|
357 | - } elseif ( 'upload_plugins' === $cap ) { |
|
358 | - $caps[] = 'install_plugins'; |
|
359 | - } else { |
|
360 | - $caps[] = $cap; |
|
361 | - } |
|
362 | - break; |
|
363 | - case 'activate_plugins': |
|
364 | - $caps[] = $cap; |
|
365 | - if ( is_multisite() ) { |
|
366 | - // update_, install_, and delete_ are handled above with is_super_admin(). |
|
367 | - $menu_perms = get_site_option( 'menu_items', array() ); |
|
368 | - if ( empty( $menu_perms['plugins'] ) ) |
|
369 | - $caps[] = 'manage_network_plugins'; |
|
370 | - } |
|
371 | - break; |
|
372 | - case 'delete_user': |
|
373 | - case 'delete_users': |
|
374 | - // If multisite only super admins can delete users. |
|
375 | - if ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
376 | - $caps[] = 'do_not_allow'; |
|
377 | - else |
|
378 | - $caps[] = 'delete_users'; // delete_user maps to delete_users. |
|
379 | - break; |
|
380 | - case 'create_users': |
|
381 | - if ( !is_multisite() ) |
|
382 | - $caps[] = $cap; |
|
383 | - elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) |
|
384 | - $caps[] = $cap; |
|
385 | - else |
|
386 | - $caps[] = 'do_not_allow'; |
|
387 | - break; |
|
388 | - case 'manage_links' : |
|
389 | - if ( get_option( 'link_manager_enabled' ) ) |
|
306 | + if ( $post ) { |
|
307 | + $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
|
308 | + } else { |
|
309 | + $caps = map_meta_cap( 'edit_posts', $user_id ); |
|
310 | + } |
|
311 | + break; |
|
312 | + case 'unfiltered_upload': |
|
313 | + if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) |
|
314 | + $caps[] = $cap; |
|
315 | + else |
|
316 | + $caps[] = 'do_not_allow'; |
|
317 | + break; |
|
318 | + case 'unfiltered_html' : |
|
319 | + // Disallow unfiltered_html for all users, even admins and super admins. |
|
320 | + if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) |
|
321 | + $caps[] = 'do_not_allow'; |
|
322 | + elseif ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
323 | + $caps[] = 'do_not_allow'; |
|
324 | + else |
|
325 | + $caps[] = $cap; |
|
326 | + break; |
|
327 | + case 'edit_files': |
|
328 | + case 'edit_plugins': |
|
329 | + case 'edit_themes': |
|
330 | + // Disallow the file editors. |
|
331 | + if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) |
|
332 | + $caps[] = 'do_not_allow'; |
|
333 | + elseif ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) |
|
334 | + $caps[] = 'do_not_allow'; |
|
335 | + elseif ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
336 | + $caps[] = 'do_not_allow'; |
|
337 | + else |
|
338 | + $caps[] = $cap; |
|
339 | + break; |
|
340 | + case 'update_plugins': |
|
341 | + case 'delete_plugins': |
|
342 | + case 'install_plugins': |
|
343 | + case 'upload_plugins': |
|
344 | + case 'update_themes': |
|
345 | + case 'delete_themes': |
|
346 | + case 'install_themes': |
|
347 | + case 'upload_themes': |
|
348 | + case 'update_core': |
|
349 | + // Disallow anything that creates, deletes, or updates core, plugin, or theme files. |
|
350 | + // Files in uploads are excepted. |
|
351 | + if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) { |
|
352 | + $caps[] = 'do_not_allow'; |
|
353 | + } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { |
|
354 | + $caps[] = 'do_not_allow'; |
|
355 | + } elseif ( 'upload_themes' === $cap ) { |
|
356 | + $caps[] = 'install_themes'; |
|
357 | + } elseif ( 'upload_plugins' === $cap ) { |
|
358 | + $caps[] = 'install_plugins'; |
|
359 | + } else { |
|
360 | + $caps[] = $cap; |
|
361 | + } |
|
362 | + break; |
|
363 | + case 'activate_plugins': |
|
390 | 364 | $caps[] = $cap; |
391 | - else |
|
392 | - $caps[] = 'do_not_allow'; |
|
393 | - break; |
|
394 | - case 'customize' : |
|
395 | - $caps[] = 'edit_theme_options'; |
|
396 | - break; |
|
397 | - case 'delete_site': |
|
398 | - $caps[] = 'manage_options'; |
|
399 | - break; |
|
400 | - default: |
|
401 | - // Handle meta capabilities for custom post types. |
|
402 | - global $post_type_meta_caps; |
|
403 | - if ( isset( $post_type_meta_caps[ $cap ] ) ) { |
|
404 | - $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args ); |
|
405 | - return call_user_func_array( 'map_meta_cap', $args ); |
|
406 | - } |
|
365 | + if ( is_multisite() ) { |
|
366 | + // update_, install_, and delete_ are handled above with is_super_admin(). |
|
367 | + $menu_perms = get_site_option( 'menu_items', array() ); |
|
368 | + if ( empty( $menu_perms['plugins'] ) ) |
|
369 | + $caps[] = 'manage_network_plugins'; |
|
370 | + } |
|
371 | + break; |
|
372 | + case 'delete_user': |
|
373 | + case 'delete_users': |
|
374 | + // If multisite only super admins can delete users. |
|
375 | + if ( is_multisite() && ! is_super_admin( $user_id ) ) |
|
376 | + $caps[] = 'do_not_allow'; |
|
377 | + else |
|
378 | + $caps[] = 'delete_users'; // delete_user maps to delete_users. |
|
379 | + break; |
|
380 | + case 'create_users': |
|
381 | + if ( !is_multisite() ) |
|
382 | + $caps[] = $cap; |
|
383 | + elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) |
|
384 | + $caps[] = $cap; |
|
385 | + else |
|
386 | + $caps[] = 'do_not_allow'; |
|
387 | + break; |
|
388 | + case 'manage_links' : |
|
389 | + if ( get_option( 'link_manager_enabled' ) ) |
|
390 | + $caps[] = $cap; |
|
391 | + else |
|
392 | + $caps[] = 'do_not_allow'; |
|
393 | + break; |
|
394 | + case 'customize' : |
|
395 | + $caps[] = 'edit_theme_options'; |
|
396 | + break; |
|
397 | + case 'delete_site': |
|
398 | + $caps[] = 'manage_options'; |
|
399 | + break; |
|
400 | + default: |
|
401 | + // Handle meta capabilities for custom post types. |
|
402 | + global $post_type_meta_caps; |
|
403 | + if ( isset( $post_type_meta_caps[ $cap ] ) ) { |
|
404 | + $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args ); |
|
405 | + return call_user_func_array( 'map_meta_cap', $args ); |
|
406 | + } |
|
407 | 407 | |
408 | - // If no meta caps match, return the original cap. |
|
409 | - $caps[] = $cap; |
|
408 | + // If no meta caps match, return the original cap. |
|
409 | + $caps[] = $cap; |
|
410 | 410 | } |
411 | 411 | |
412 | 412 | /** |