From a7c05258701e480d24ac10dc6d5d3ecb929749f5 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 29 Nov 2007 05:51:09 +0000
Subject: [PATCH] When posting by email, publish only if user has publish caps, otherwise set status to pending. Props Bobcat. fixes #4642

git-svn-id: http://svn.automattic.com/wordpress/trunk@6349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-mail.php | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/wp-mail.php b/wp-mail.php
index e5100558d..dc803ed8e 100644
--- a/wp-mail.php
+++ b/wp-mail.php
@@ -27,6 +27,8 @@ for ($i=1; $i <= $count; $i++) :
 $content_transfer_encoding = '';
 $boundary = '';
 $bodysignal = 0;
+ $post_author = 1;
+ $author_found = false;
 $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
 foreach ($message as $line) :
 if (strlen($line) < 3) $bodysignal = 1;
@@ -70,14 +72,18 @@ for ($i=1; $i <= $count; $i++) :
 $author = sanitize_email($author);
 if ( is_email($author) ) {
 echo "Author = {$author}

"; - $author = $wpdb->escape($author); - $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); - if (!$result) + $userdata = get_user_by_email($author); + if (!$userdata) { $post_author = 1; - else - $post_author = $result->ID; - } else + $author_found = false; + } else { + $post_author = $userdata->ID; + $author_found = true; + } + } else { $post_author = 1; + $author_found = false; + } } if (preg_match('/Date: /i', $line)) { // of the form '20 Mar 2002 20:32:37' @@ -111,6 +117,18 @@ for ($i=1; $i <= $count; $i++) : } endforeach; + // Set $post_status based on $author_found and on author's publish_posts capability + if ($author_found) { + $user = new WP_User($post_author); + if ($user->has_cap('publish_posts')) + $post_status = 'publish'; + else + $post_status = 'pending'; + } else { + // Author not found in DB, set status to pending. Author already set to admin. + $post_status = 'pending'; + } + $subject = trim($subject); if ($content_type == 'multipart/alternative') { @@ -144,9 +162,6 @@ for ($i=1; $i <= $count; $i++) : $post_category = $post_categories; - // or maybe we should leave the choice to email drafts? propose a way - $post_status = 'publish'; - $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); $post_data = add_magic_quotes($post_data);
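Review bot: In the second hunk, `$author_found = true` is set from nothing more than an address match, and `$author` appears to be read from a message header parsed above the hunk, which the sender chooses freely. Replacing the hand-built query with `get_user_by_email()` is sound, but a match only shows that a header named a registered address, not that the account owner sent the mail. I would record that at the assignment with `// Sender identity comes from an unauthenticated mail header; treat $author_found as a hint, not as authentication.` The enclosing `if` and the `foreach` both start outside the hunk.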
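Review bot: The status block in the third hunk assigns `'pending'` in two separate branches, so the restrictive outcome depends on every branch remembering to set it. Assigning the restrictive value first makes the block fail closed and leaves `publish` as the single explicit exception: `$post_status = 'pending';` followed by `if ($author_found) { $user = new WP_User($post_author); if ($user->has_cap('publish_posts')) $post_status = 'publish'; }`. This also removes the mixed braced and unbraced `if`/`else` nesting, where a later edit could easily attach a statement to the wrong branch.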