Improved permission check when processing a Doc save request.
boonebgorges committed Mar 13, 2017
1 parent 21d74fd commit 75293ed
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions includes/component.php
@@ -381,6 +381,14 @@ function catch_page_load() {

if ( !empty( $_POST['doc-edit-submit'] ) ) {

// Existing Docs have a more specific permission check.
$doc = bp_docs_get_current_doc();
if ( $doc && ! current_user_can( 'bp_docs_edit', $doc->ID ) ) {
return;
} elseif ( ! $doc && ! current_user_can( 'bp_docs_create' ) ) {
return;
}

check_admin_referer( 'bp_docs_save' );

$this_doc = new BP_Docs_Query;
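Review bot: The capability check added at the top of the `doc-edit-submit` branch authorizes against whatever `bp_docs_get_current_doc()` resolves, but the save starts from `new BP_Docs_Query` a few lines later, and the hunk does not show how that query picks the Doc it writes to. If the two can resolve differently (not visible here), the check would cover one Doc and the write another, so confirm they share the same source and record it with a comment such as `// Must authorize the same Doc that the save below resolves.`. The two bare `return;` statements also drop the request silently; a failed check could surface an error notice or log entry so that a denied save is distinguishable from a successful one. `catch_page_load()` begins and ends outside the hunk.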