mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-02-27 18:13:00 +01:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

No need to check for the presence of a current user in a privileged ajax action. see #23665.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@23889 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-04-03 04:34:14 +00:00
parent cc88fc4d85
commit 085141a6ba
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/ajax-actions.php
View File

@ -1042,14 +1042,10 @@ function wp_ajax_autosave() {
if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
unset($_POST['post_category']);
$do_autosave = (bool) $_POST['autosave'];
$data = '';
$supplemental = array();
$id = $revision_id = 0;
if ( ! $user_id = get_current_user_id() )
wp_die('-1');
$post_id = (int) $_POST['post_id'];
$_POST['ID'] = $_POST['post_ID'] = $post_id;
$post = get_post($post_id);
@ -1064,7 +1060,7 @@ function wp_ajax_autosave() {
wp_die( __( 'You are not allowed to edit this post.' ) );
}
if ( $do_autosave ) {
if ( ! empty( $_POST['autosave'] ) ) {
// Drafts and auto-drafts are just overwritten by autosave for the same user
if ( $user_id == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
$id = edit_post();