Support » Installing WordPress » Problem with new “auto-save” function in WP2.1

  • I’ve redefined the standard Roles on my website, using the Role-Manager plugin. One of the roles has the “Publish Posts” capability, but NOT the “Edit Published Posts” capability.

    Prior to WP2.1, my users could create a new post and publish it. Since 2.1, they can’t.

    I think this is because in pre-2.1, when they clicked “Publish”, it would call the “wp_write_post” function, which checks for the “Publish posts” capability. Now, once the post has been auto-saved, it calls the “edit_post” function, which checks for the “Edit Published Posts” capability…which they don’t have.

    I believe this is a bug. The edit_post function first sets the Post status to “published” (because the Publish button has been clicked), and only then checks the “Edit Published Posts” capability.

    This is the code:

    	if ('' != $_POST['publish'] )
    		$_POST['post_status'] = 'publish';
    	if ('' != $_POST['advanced'] )
    		$_POST['post_status'] = 'draft';
    	if ( 'page' == $_POST['post_type'] ) {
    		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
    			$_POST['post_status'] = 'draft';
    	} else {
    		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
    			$_POST['post_status'] = 'draft';

    I think it should do the “edit_published_posts” check first, and then set the post status to published, if the user has the “publish_posts” capability:

    I haven’t yet worked out a fix, but what do others think?

  • The topic ‘Problem with new “auto-save” function in WP2.1’ is closed to new replies.