Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php')
-rw-r--r--plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php
index dcf84a35..53932601 100644
--- a/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php
+++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-endpoint.php
@@ -89,6 +89,10 @@ class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
}
+ if ( isset( $input['status'] ) && 'trash' === $input['status'] && ! current_user_can( 'delete_post', $post_id ) ) {
+ return new WP_Error( 'unauthorized', 'User cannot delete post', 403 );
+ }
+
$post = get_post( $post_id );
$_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
$post_type = get_post_type_object( $_post_type );
@@ -559,7 +563,7 @@ class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
if ( ! empty( $meta->id ) || ! empty( $meta->previous_value ) ) {
continue;
- } elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) ) || $this->is_metadata_public( $meta->key ) ) {
+ } elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) {
add_post_meta( $post_id, $meta->key, $meta->value );
}
@@ -568,11 +572,11 @@ class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
if ( ! isset( $meta->value ) ) {
continue;
- } elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
+ } elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
update_metadata_by_mid( 'post', $meta->id, $meta->value );
- } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
+ } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
update_post_meta( $post_id, $meta->key,$meta->value, $meta->previous_value );
- } elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
+ } elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
update_post_meta( $post_id, $meta->key, $meta->value );
}
@@ -685,7 +689,7 @@ class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
return $featured_image;
}
- $featured_image_id = $this->handle_media_sideload( $featured_image, $post_id );
+ $featured_image_id = $this->handle_media_sideload( $featured_image, $post_id, 'image' );
if ( empty( $featured_image_id ) || ! is_int( $featured_image_id ) )
return false;