Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.

git-svn-id: https://develop.svn.wordpress.org/trunk@24593 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
2013-07-08 20:05:42 +00:00
parent e16dca6fc9
commit f3b332e9bb
12 changed files with 28 additions and 37 deletions

View File

@@ -47,8 +47,7 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id
$post = get_post( $id );
if ( 'attachment' != $post->post_type )
wp_die( __( 'Unknown post type.' ) );
$post_type_object = get_post_type_object( 'attachment' );
if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
if ( ! current_user_can( 'edit_post', $id ) )
wp_die( __( 'You are not allowed to edit this item.' ) );
switch ( $_REQUEST['fetch'] ) {