vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

REST API: Prevent deletion of post revisions.

Browse Source 
Allowing the client to delete revisions breaks the "audit trail" functionality. This is not allowed in WordPress and shouldn't be allowed through the API.
While not recommended, a plugin may opt-in to the previous behavior by setting a custom 'delete_post' capability for the revisions post type.

Props dlh, danielbachhuber, TimothyBlynJacobs, azaozz, kadamwhite.
Fixes #43709.



git-svn-id: https://develop.svn.wordpress.org/trunk@45812 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
K. Adam White
2019-08-15 22:00:49 +00:00
parent eb468c4446
commit 8f100777e8
3 changed files with 54 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/wp-includes/capabilities.php
View File

@@ -72,11 +72,8 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
}
if ( 'revision' == $post->post_type ) {
$post = get_post( $post->post_parent );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
$caps[] = 'do_not_allow';
break;
}
if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) {