From 6f62362b96d2ea941a6f463998147486cc56ea0e Mon Sep 17 00:00:00 2001
From: Dion Hulse <dd32@git.wordpress.org>
Date: Sun, 21 Mar 2010 02:29:11 +0000
Subject: [PATCH] Use correct cap checks and nonces for custom post_type's

git-svn-id: https://develop.svn.wordpress.org/trunk@13786 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/meta-boxes.php |  7 +++----
 wp-admin/includes/template.php   | 10 +++++-----
 wp-includes/capabilities.php     |  6 +++---
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/wp-admin/includes/meta-boxes.php b/wp-admin/includes/meta-boxes.php
index cd7f0690fb..936ae92f32 100644
--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -14,8 +14,7 @@ function post_submit_meta_box($post) {
 
 	$post_type = $post->post_type;
 	$post_type_object = get_post_type_object($post_type);
-	$type_cap = $post_type_object->capability_type;
-	$can_publish = current_user_can("publish_${type_cap}s");
+	$can_publish = current_user_can($post_type_object->publish_cap);
 ?>
 <div class="submitbox" id="submitpost">
 
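Review bot: `$post_type_object` is dereferenced on the new `$can_publish` line without a null check, whereas the `map_meta_cap()` hunks in this same patch guard the result of `get_post_type_object()` with `if ( $post_type && ... )`. If the post's type is not registered at render time, the value handed to `current_user_can()` is not a capability name at all. Failing closed explicitly would make the intent clear: `$can_publish = $post_type_object && current_user_can($post_type_object->publish_cap);`. The body of `post_submit_meta_box()` continues outside the hunk.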
@@ -194,7 +193,7 @@ if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
 <?php do_action('post_submitbox_start'); ?>
 <div id="delete-action">
 <?php
-if ( current_user_can( "delete_${type_cap}", $post->ID ) ) {
+if ( current_user_can( "delete_post", $post->ID ) ) {
 	if ( !EMPTY_TRASH_DAYS ) {
 		$delete_url = wp_nonce_url( add_query_arg( array('action' => 'delete', 'post' => $post->ID) ), "delete-${post_type}_{$post->ID}" );
 		$delete_text = __('Delete Permanently');
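Review bot: The delete check now names the generic `delete_post` meta capability with no comment saying why, while the row actions in wp-admin/includes/template.php check `$post_type_object->delete_cap` for the same operation. Going by the `map_meta_cap()` hunks in this patch, the meta capability is re-mapped to the type's `delete_cap` when `capability_type` is not `post`, so the two forms appear equivalent, but that is worth stating next to the check: `// 'delete_post' is a meta cap; map_meta_cap() resolves it to the post type's delete_cap`. The literal also interpolates nothing, so single quotes (`'delete_post'`) would read better. The `if` block continues past the end of the hunk.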
@@ -407,7 +406,7 @@ function post_comment_status_meta_box($post) {
 }
 
 /** 
- * Displa comments for post table header
+ * Display comments for post table header
  * 
  * @since 3.0
  * 
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index bb53a2a054..bdf58e5e94 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -863,9 +863,10 @@ function inline_edit_row( $screen ) {
 	foreach ( $taxonomy_names as $taxonomy_name ) {
 		$taxonomy = get_taxonomy( $taxonomy_name);
 
-		if( !$taxonomy->show_ui ) continue;
+		if ( !$taxonomy->show_ui )
+			continue;
 
-		if( $taxonomy->hierarchical )
+		if ( $taxonomy->hierarchical )
 			$hierarchical_taxonomies[] = $taxonomy;
 		else
 			$flat_taxonomies[] = $taxonomy;
@@ -875,7 +876,6 @@ function inline_edit_row( $screen ) {
 	$hidden = array_intersect( array_keys( $columns ), array_filter( get_hidden_columns($screen) ) );
 	$col_count = count($columns) - count($hidden);
 	$m = ( isset($mode) && 'excerpt' == $mode ) ? 'excerpt' : 'list';
-	// @todo use capability_type
 	$can_publish = current_user_can($post_type_object->publish_cap);
 	$core_columns = array( 'cb' => true, 'date' => true, 'title' => true, 'categories' => true, 'tags' => true, 'comments' => true, 'author' => true );
 
@@ -1561,11 +1561,11 @@ foreach ( $posts_columns as $column_name => $column_display_name ) {
 		}
 		if ( current_user_can($post_type_object->delete_cap, $page->ID) ) {
 			if ( $post->post_status == 'trash' )
-				$actions['untrash'] = "<a title='" . esc_attr(__('Remove this page from the Trash')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&amp;action=untrash&amp;post=$page->ID", 'untrash-page_' . $page->ID) . "'>" . __('Restore') . "</a>";
+				$actions['untrash'] = "<a title='" . esc_attr(__('Remove this page from the Trash')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&amp;action=untrash&amp;post=$page->ID", 'untrash-' . $post->post_type . '_' . $page->ID) . "'>" . __('Restore') . "</a>";
 			elseif ( EMPTY_TRASH_DAYS )
 				$actions['trash'] = "<a class='submitdelete' title='" . esc_attr(__('Move this page to the Trash')) . "' href='" . get_delete_post_link($page->ID) . "'>" . __('Trash') . "</a>";
 			if ( $post->post_status == 'trash' || !EMPTY_TRASH_DAYS )
-				$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page permanently')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&amp;action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "'>" . __('Delete Permanently') . "</a>";
+				$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page permanently')) . "' href='" . wp_nonce_url("post.php?post_type=$post_type&amp;action=delete&amp;post=$page->ID", 'delete-' . $post->post_type . '_' . $page->ID) . "'>" . __('Delete Permanently') . "</a>";
 		}
 		if ( in_array($post->post_status, array('pending', 'draft')) ) {
 			if ( current_user_can($post_type_object->edit_cap, $page->ID) )
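Review bot: The new nonce actions on the `untrash` and `delete` links are assembled from three different sources: the type comes from `$post->post_type`, the ID from `$page->ID`, and the URL carries `$post_type`. If `$post` and `$page` are not the same row at this point (the surrounding loop is outside the hunk, so this cannot be confirmed here), the action string names a type that does not belong to the ID it is bound to. Taking both parts from one object, e.g. `'untrash-' . $page->post_type . '_' . $page->ID`, would remove the doubt. The handler that verifies these nonces is not part of this patch; it needs to build the identical `{action}-{post_type}_{ID}` string from the stored post rather than from the `post_type` query argument, otherwise links for custom types will fail verification.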
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 366de783cd..30528aa8ba 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -810,7 +810,7 @@ function map_meta_cap( $cap, $user_id ) {
 		$post = get_post( $args[0] );
 		$post_type = get_post_type_object( $post->post_type );
 		if ( $post_type && 'post' != $post_type->capability_type ) {
-			$args = array_merge( array( 'delete_' . $post_type->capability_type, $user_id ), $args );
+			$args = array_merge( array( $post_type->delete_cap, $user_id ), $args );
 			return call_user_func_array( 'map_meta_cap', $args );
 		}
 
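Review bot: Re-dispatching on `$post_type->delete_cap` removes the guarantee that the recursive call receives a different capability. The old `'delete_' . $post_type->capability_type` could never equal `delete_post` once the `'post' != capability_type` test passed, but a type whose `delete_cap` is set to `delete_post` would now re-enter this same case without end. The `edit_cap` and `read_cap` hunks below have the same shape. Whether registration can produce such a value is not visible in this patch, so a cheap guard seems prudent: `if ( $post_type && 'post' != $post_type->capability_type && $cap != $post_type->delete_cap ) {`. It would also help to document on `map_meta_cap()` that the per-type caps must differ from the meta capability names.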
@@ -887,7 +887,7 @@ function map_meta_cap( $cap, $user_id ) {
 		$post = get_post( $args[0] );
 		$post_type = get_post_type_object( $post->post_type );
 		if ( $post_type && 'post' != $post_type->capability_type ) {
-			$args = array_merge( array( 'edit_' . $post_type->capability_type, $user_id ), $args );
+			$args = array_merge( array( $post_type->edit_cap, $user_id ), $args );
 			return call_user_func_array( 'map_meta_cap', $args );
 		}
 		$post_author_data = get_userdata( $post->post_author );
@@ -946,7 +946,7 @@ function map_meta_cap( $cap, $user_id ) {
 		$post = get_post( $args[0] );
 		$post_type = get_post_type_object( $post->post_type );
 		if ( $post_type && 'post' != $post_type->capability_type ) {
-			$args = array_merge( array( 'read_' . $post_type->capability_type, $user_id ), $args );
+			$args = array_merge( array( $post_type->read_cap, $user_id ), $args );
 			return call_user_func_array( 'map_meta_cap', $args );
 		}