From ac23d53402017a9a7ea3d4447a6fe7b4c8a58c1d Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Fri, 13 Sep 2013 21:21:16 +0000
Subject: [PATCH] * Avoid notices in `tests/ajax/Autosave` by bailing early when `get_post()` returns nothing.
* Check for the existence of `$_POST['catslist']` before using it in `wp_ajax_autosave()`.
See #25282.
git-svn-id: https://develop.svn.wordpress.org/trunk@25430 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/ajax-actions.php | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 0dbdb0513a..e16e3dd40b 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -1047,9 +1047,10 @@ function wp_ajax_autosave() {
 check_ajax_referer( 'autosave', 'autosavenonce' );
- $_POST['post_category'] = explode(",", $_POST['catslist']);
- if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
- unset($_POST['post_category']);
+ if ( ! empty( $_POST['catslist'] ) )
+ $_POST['post_category'] = explode( ',', $_POST['catslist'] );
+ if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
+ unset( $_POST['post_category'] );
 $data = '';
 $supplemental = array();
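Review bot: The new guard covers `$_POST['catslist']`, but the line right after it still reads `$_POST['post_type']` unguarded, so a request that omits `post_type` raises the same kind of undefined-index notice this commit set out to remove; `if ( ( isset( $_POST['post_type'] ) && 'page' == $_POST['post_type'] ) || empty( $_POST['post_category'] ) )` keeps the current behaviour and silences it. Beyond the notice, the decision to drop categories here keys off the client-supplied `post_type` rather than the stored post's type, whereas the second hunk of this commit does consult `$post->post_type` — a caller can claim any type at this point, and whether that matters depends on what `edit_post()`/`wp_insert_post()` do with `post_category` for a page, which is not visible in this diff. The exploded `catslist` values also go through as raw strings; if the downstream category code does not already cast them with `intval`, an `array_map( 'intval', ... )` on the new `explode()` line would be cheap insurance. wp_ajax_autosave() opens before this hunk and continues after it.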
@@ -1057,18 +1058,16 @@ function wp_ajax_autosave() {
 $post_id = (int) $_POST['post_id'];
 $_POST['ID'] = $_POST['post_ID'] = $post_id;
- $post = get_post($post_id);
+ $post = get_post( $post_id );
+ if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )
+ wp_die( __( 'You are not allowed to edit this post.' ) );
+
+ if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) )
+ wp_die( __( 'You are not allowed to edit this page.' ) );
+
 if ( 'auto-draft' == $post->post_status )
 $_POST['post_status'] = 'draft';
- if ( 'page' == $post->post_type ) {
- if ( !current_user_can('edit_page', $post->ID) )
- wp_die( __( 'You are not allowed to edit this page.' ) );
- } else {
- if ( !current_user_can('edit_post', $post->ID) )
- wp_die( __( 'You are not allowed to edit this post.' ) );
- }
-
 if ( ! empty( $_POST['autosave'] ) ) {
 if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
 // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
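Review bot: The merged guard `if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )` now handles two different failures — no post resolved for `$post_id`, and a user who may not edit it — but nothing in the code records the first case, which is the one the commit was written for, and the generic "not allowed to edit this post" message hides it. A comment above the line such as `// get_post() can return null (unknown or zero post_id): bail before anything below dereferences $post.` would keep a later reader from "simplifying" the `empty()` half away. Note that `$post_id` is `(int) $_POST['post_id']`, so a missing or non-numeric value becomes 0, and `get_post( 0 )` may fall back to a global `$post` rather than returning null; if that can happen in an admin-ajax request, the guard still applies the capability check to whatever was resolved, which is worth confirming rather than assuming. The `edit_page` check that follows runs only after `edit_post` has already passed for the same ID; if `edit_post` is mapped through the page post type's capabilities (as I believe map_meta_cap does), the second check is redundant though harmless. wp_ajax_autosave() begins before this hunk and continues after it.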