Skip to content
Permalink
Browse files

Improved permission check when processing a Doc save request.

  • Loading branch information...
boonebgorges committed Mar 13, 2017
1 parent 21d74fd commit 75293ed4e5f31f04e54689bfe2c647e3e3f5e1a9
Showing with 8 additions and 0 deletions.
  1. +8 −0 includes/component.php
@@ -381,6 +381,14 @@ function catch_page_load() {
if ( !empty( $_POST['doc-edit-submit'] ) ) {
// Existing Docs have a more specific permission check.
$doc = bp_docs_get_current_doc();
if ( $doc && ! current_user_can( 'bp_docs_edit', $doc->ID ) ) {
return;
} elseif ( ! $doc && ! current_user_can( 'bp_docs_create' ) ) {
return;
}
check_admin_referer( 'bp_docs_save' );
$this_doc = new BP_Docs_Query;

0 comments on commit 75293ed

Please sign in to comment.
You can’t perform that action at this time.