From 8cf0dd0eaa0b900bbaf482e63d530fdf916fdd4f Mon Sep 17 00:00:00 2001 From: markjaquith Date: Fri, 28 May 2010 15:49:13 +0000 Subject: [PATCH] Do proper caps check when processing bulk edited posts, and hide the checkbox on the Page edit page for users who lack permissions. props ocean90 git-svn-id: http://svn.automattic.com/wordpress/trunk@15032 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/post.php | 3 ++- wp-admin/includes/template.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index 9b84df03d..5f8b6fd0f 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -299,8 +299,9 @@ function bulk_edit_posts( $post_data = null ) { $updated = $skipped = $locked = array(); foreach ( $post_IDs as $post_ID ) { + $post_type_object = get_post_type_object( get_post_type( $post_ID ) ); - if ( isset($children) && in_array($post_ID, $children) ) { + if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) { $skipped[] = $post_ID; continue; } diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 9a9fde27a..ec1d6c40b 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -1529,7 +1529,7 @@ foreach ( $posts_columns as $column_name => $column_display_name ) { case 'cb': ?> - + cap->edit_post, $page->ID ) ) { ?>