
Commit 1d1d5be

committed
Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown. git-svn-id: https://develop.svn.wordpress.org/branches/5.3@46897 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 4c285eb commit 1d1d5be


1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

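--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -498,7 +498,7 @@ public function create_item_permissions_check( $request ) {
 return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 
-if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
 return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 
@@ -653,7 +653,7 @@ public function update_item_permissions_check( $request ) {
 return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 
-if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
 return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 
@@ -955,7 +955,7 @@ protected function prepare_date_response( $date_gmt, $date = null ) {
 * @return stdClass|WP_Error Post object or WP_Error.
 */
 protected function prepare_item_for_database( $request ) {
-$prepared_post = new stdClass;
+$prepared_post = new stdClass();
 
 // Post ID.
 if ( isset( $request['id'] ) ) {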
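Review bot: In `create_item_permissions_check`, the new sticky guard joins the two negated capability checks with `&&`, so `rest_cannot_assign_sticky` is returned only when the user lacks both `edit_others_posts` and `publish_posts`; a user holding either one passes. That is more permissive than the removed line and does not match the commit title, which says `publish_posts` must be held before a post can be made sticky. If both capabilities are meant to be required, the condition should read `if ( ! empty( $request['sticky'] ) && ( ! current_user_can( $post_type->cap->edit_others_posts ) || ! current_user_can( $post_type->cap->publish_posts ) ) ) {`; the same applies to the identical line in `update_item_permissions_check`. The guard also runs only when `sticky` is non-empty, so a request that sets it to a false value skips this check; whether that case is gated elsewhere cannot be seen, because both functions start and end outside the hunks.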
