move the current_user_can and do a proper check against the post type
tomjn committed Apr 2, 2013
1 parent 34a80b2 commit 2740f20
Showing 1 changed file with 7 additions and 4 deletions.
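--- a/bulk-entry.php
+++ b/bulk-entry.php
@@ -97,10 +97,6 @@ function get_editor_id() {
 
 function wp_ajax_bulk_entry_submit_post() {
 
-if ( ! current_user_can( 'add_post' ) ) {
-echo '{ "content" : "You don\'t have permission to do that"}';
-die();
-}
 $reply = $this->start_block( array( 'bulk-entry-notification' ) );
 $reply .= $this->start_left_block();
 $reply .= " ";
@@ -113,6 +109,13 @@ function wp_ajax_bulk_entry_submit_post() {
 $content = $_POST['bulk_entry_postcontent'];
 $title = $_POST['bulk_entry_posttitle'];
 
+$posttype = get_post_type_object( $type );
+
+if ( ! current_user_can( $posttype->cap->publish_posts ) ) {
+echo '{ "content" : "You don\'t have permission to do that"}';
+die();
+}
+
 // Create post object
 $my_post = array(
 'post_title' => $title,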
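Review bot: The added guard in the second hunk reads `$posttype->cap->publish_posts` without checking that `get_post_type_object( $type )` found anything; that function returns null for an unregistered post type, and `$type` is set outside the visible lines, presumably from the request, so the authorization decision then rests on how PHP and `current_user_can()` treat a null capability. Fail closed explicitly: `if ( ! $posttype || ! current_user_can( $posttype->cap->publish_posts ) ) {`. No nonce verification is visible in either hunk; if the rest of `wp_ajax_bulk_entry_submit_post()`, whose body continues outside these hunks, does not call `check_ajax_referer()`, the capability check alone does not stop a cross-site request made on behalf of a logged-in editor. A short comment above the guard, such as `// Authorize against the target post type's publish capability before creating the post.`, would also record why the check moved here.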
