Changeset 2925410
- Timestamp:
- 06/13/2023 03:07:50 PM (3 years ago)
- Location:
- extended-post-status
- Files:
-
- 5 edited
- 3 copied
-
tags/1.0.20 (copied) (copied from extended-post-status/trunk)
-
tags/1.0.20/admin/class-extended-post-status-admin.php (modified) (6 diffs)
-
tags/1.0.20/admin/js (copied) (copied from extended-post-status/trunk/admin/js)
-
tags/1.0.20/extended-post-status.php (modified) (2 diffs)
-
tags/1.0.20/readme.txt (copied) (copied from extended-post-status/trunk/readme.txt) (2 diffs)
-
trunk/admin/class-extended-post-status-admin.php (modified) (6 diffs)
-
trunk/extended-post-status.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
extended-post-status/tags/1.0.20/admin/class-extended-post-status-admin.php
r2687794 r2925410 114 114 public function append_post_status_list_quickedit() 115 115 { 116 $status = self::get_status(); 117 foreach ($status as $single_status) { 118 $term_meta = get_option("taxonomy_term_$single_status->term_id"); 119 $hidden = 0; 120 if (array_key_exists('hide_in_drop_down', $term_meta) && $term_meta['hide_in_drop_down'] == 1) { 121 $hidden = 1; 116 if(current_user_can('publish_posts')) { 117 $status = self::get_status(); 118 foreach ($status as $single_status) { 119 $term_meta = get_option("taxonomy_term_$single_status->term_id"); 120 $hidden = 0; 121 if (array_key_exists('hide_in_drop_down', $term_meta) && $term_meta['hide_in_drop_down'] == 1) { 122 $hidden = 1; 123 } ?> 124 <script type="text/javascript"> 125 jQuery(document).ready(function () { 126 jQuery('#bulk-edit select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 127 jQuery('.quick-edit-row select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 128 }); 129 </script> 130 <?php 122 131 } ?> 123 132 <script type="text/javascript"> 124 jQuery(document).ready(function () { 125 jQuery('#bulk-edit select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 126 jQuery('.quick-edit-row select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 127 }); 128 </script> 129 <?php 130 } ?> 131 <script type="text/javascript"> 132 jQuery('#the-list').bind('DOMSubtreeModified', postListUpdated); 133 134 function postListUpdated() { 135 // Wait for the quick-edit dom to change 136 setTimeout(function () { 137 var post_quickedit_tr_id = 
jQuery('.inline-editor').attr('id'); 138 if (post_quickedit_tr_id) { 139 var post_edit_tr = post_quickedit_tr_id.replace("edit", "post"); 140 jQuery('.quick-edit-row select[name="_status"] option').each(function () { 133 jQuery('#the-list').bind('DOMSubtreeModified', postListUpdated); 134 135 function postListUpdated() { 136 // Wait for the quick-edit dom to change 137 setTimeout(function () { 138 var post_quickedit_tr_id = jQuery('.inline-editor').attr('id'); 139 if (post_quickedit_tr_id) { 140 var post_edit_tr = post_quickedit_tr_id.replace("edit", "post"); 141 jQuery('.quick-edit-row select[name="_status"] option').each(function () { 142 jQuery(this).show(); 143 if (jQuery(this).hasClass('hidden-1') && !jQuery('#' + post_edit_tr).hasClass('status-' + jQuery(this).val())) { 144 jQuery(this).hide(); 145 } 146 }); 147 } 148 jQuery('#bulk-edit select[name="_status"] option').each(function () { 141 149 jQuery(this).show(); 142 if (jQuery(this).hasClass('hidden-1') && !jQuery('#' + post_edit_tr).hasClass('status-' + jQuery(this).val())) {150 if (jQuery(this).hasClass('hidden-1')) { 143 151 jQuery(this).hide(); 144 152 } 145 153 }); 146 } 147 jQuery('#bulk-edit select[name="_status"] option').each(function () { 148 jQuery(this).show(); 149 if (jQuery(this).hasClass('hidden-1')) { 150 jQuery(this).hide(); 151 } 152 }); 153 }, 100); 154 } 155 </script> 156 <?php 154 }, 100); 155 } 156 </script> 157 <?php 158 } 157 159 } 158 160 … … 443 445 { 444 446 $is_block_editor = get_current_screen()->is_block_editor(); 445 if ($is_block_editor ) {447 if ($is_block_editor && current_user_can('publish_posts')) { 446 448 add_meta_box('extended_post_status', __('Status', 'extended-post-status'), ['Extended_Post_Status_Admin', 'status_meta_box_content'], null, 'side', 'high'); 447 449 } … … 702 704 public function wp_insert_post_data($data, $postarr) 703 705 { 704 if (array_key_exists('post_status_', $postarr) && $data['post_status'] != 'trash' && $data['post_status'] != 'future') { 705 
$data['post_status'] = $postarr['post_status_']; 706 } 707 if ($data['post_status'] == 'none') { 708 $data['post_status'] = 'draft'; 706 if(current_user_can('publish_posts')) { 707 if (array_key_exists('post_status_', $postarr) && $data['post_status'] != 'trash' && $data['post_status'] != 'future') { 708 $data['post_status'] = $postarr['post_status_']; 709 } 710 if ($data['post_status'] == 'none') { 711 $data['post_status'] = 'draft'; 712 } 709 713 } 710 714 return $data; … … 719 723 public function change_publish_button_gutenberg() 720 724 { 721 if (wp_script_is('wp-i18n') ) {725 if (wp_script_is('wp-i18n') && current_user_can('publish_posts')) { 722 726 ?> 723 727 <script type="text/javascript"> … … 736 740 public function remove_publishing_sidebar_gutenberg() 737 741 { 738 wp_enqueue_script('disablePublishSidebar', plugin_dir_url(__DIR__) . 'admin/js/disablePublishSidebar.js', ['jquery']); 742 if(current_user_can('publish_posts')) { 743 wp_enqueue_script('disablePublishSidebar', plugin_dir_url(__DIR__) . 'admin/js/disablePublishSidebar.js', ['jquery']); 744 } 739 745 } 740 746 … … 750 756 public function gettext_override($translated, $original, $domain) 751 757 { 752 if ($original == 'Post published.' ) {758 if ($original == 'Post published.' && current_user_can('publish_posts')) { 753 759 $translated = __('Post saved.'); 754 760 } -
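Review bot: In the `wp_insert_post_data` hunk the new guard tests the generic `publish_posts` capability and then still copies `$postarr['post_status_']` into `$data['post_status']` without checking that it names a registered status. This filter runs for every post type, so a type that maps publishing to a different capability would be judged by the wrong one; checking the `publish_posts` entry of the post type object's `cap` and requiring `get_post_status_object()` to recognise the submitted value would close both gaps. The `'none'` to `'draft'` fallback also moved inside the guard, so callers without the capability now presumably keep `'none'`; it looks safer to leave that normalisation unconditional. The function continues past the end of the hunk, and the trunk copy of this file further down the page carries the same code.

```php
public function wp_insert_post_data($data, $postarr)
{
    // Resolve the capability from the post type being saved, not the generic 'post' one.
    $post_type = get_post_type_object($data['post_type']);
    $may_publish = $post_type !== null && current_user_can($post_type->cap->publish_posts);
    if ($may_publish
        && array_key_exists('post_status_', $postarr)
        && $data['post_status'] != 'trash' && $data['post_status'] != 'future'
        // Only accept a status that is actually registered.
        && get_post_status_object($postarr['post_status_']) !== null
    ) {
        $data['post_status'] = $postarr['post_status_'];
    }
    // Normalise 'none' for every caller, as before the capability check was added.
    if ($data['post_status'] == 'none') {
        $data['post_status'] = 'draft';
    }
    return $data;
```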
extended-post-status/tags/1.0.20/extended-post-status.php
r2687794 r2925410 7 7 * Plugin Name: Extended Post Status 8 8 * Description: Add new post status types. 9 * Version: 1.0. 199 * Version: 1.0.20 10 10 * Author: Felix Welberg 11 11 * Author URI: http://www.felixwelberg.de/ … … 28 28 * Rename this for your plugin and update it as you release new versions. 29 29 */ 30 define('EXTENDED_POST_STATUS_VERSION', '1.0. 19');30 define('EXTENDED_POST_STATUS_VERSION', '1.0.20'); 31 31 32 32 /** -
extended-post-status/tags/1.0.20/readme.txt
r2887785 r2925410 5 5 Tested up to: 6.2 6 6 Requires PHP: 7.2 7 Stable tag: 6. 17 Stable tag: 6.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 63 63 64 64 == Changelog == 65 66 = 1.0.20 = 67 * [Security] Check user capabilities in publishing process. (Thanks to TaeEun Lee) 68 See: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/extended-post-status/extended-post-status-1019-missing-authorization-via-wp-insert-post-data 65 69 66 70 = 1.0.19 = -
extended-post-status/trunk/admin/class-extended-post-status-admin.php
r2687794 r2925410 114 114 public function append_post_status_list_quickedit() 115 115 { 116 $status = self::get_status(); 117 foreach ($status as $single_status) { 118 $term_meta = get_option("taxonomy_term_$single_status->term_id"); 119 $hidden = 0; 120 if (array_key_exists('hide_in_drop_down', $term_meta) && $term_meta['hide_in_drop_down'] == 1) { 121 $hidden = 1; 116 if(current_user_can('publish_posts')) { 117 $status = self::get_status(); 118 foreach ($status as $single_status) { 119 $term_meta = get_option("taxonomy_term_$single_status->term_id"); 120 $hidden = 0; 121 if (array_key_exists('hide_in_drop_down', $term_meta) && $term_meta['hide_in_drop_down'] == 1) { 122 $hidden = 1; 123 } ?> 124 <script type="text/javascript"> 125 jQuery(document).ready(function () { 126 jQuery('#bulk-edit select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 127 jQuery('.quick-edit-row select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 128 }); 129 </script> 130 <?php 122 131 } ?> 123 132 <script type="text/javascript"> 124 jQuery(document).ready(function () { 125 jQuery('#bulk-edit select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 126 jQuery('.quick-edit-row select[name="_status"]').append('<option value="<?php echo $single_status->slug; ?>" class="hidden-<?php echo $hidden; ?>"><?php echo $single_status->name; ?></option>'); 127 }); 128 </script> 129 <?php 130 } ?> 131 <script type="text/javascript"> 132 jQuery('#the-list').bind('DOMSubtreeModified', postListUpdated); 133 134 function postListUpdated() { 135 // Wait for the quick-edit dom to change 136 setTimeout(function () { 137 var post_quickedit_tr_id = 
jQuery('.inline-editor').attr('id'); 138 if (post_quickedit_tr_id) { 139 var post_edit_tr = post_quickedit_tr_id.replace("edit", "post"); 140 jQuery('.quick-edit-row select[name="_status"] option').each(function () { 133 jQuery('#the-list').bind('DOMSubtreeModified', postListUpdated); 134 135 function postListUpdated() { 136 // Wait for the quick-edit dom to change 137 setTimeout(function () { 138 var post_quickedit_tr_id = jQuery('.inline-editor').attr('id'); 139 if (post_quickedit_tr_id) { 140 var post_edit_tr = post_quickedit_tr_id.replace("edit", "post"); 141 jQuery('.quick-edit-row select[name="_status"] option').each(function () { 142 jQuery(this).show(); 143 if (jQuery(this).hasClass('hidden-1') && !jQuery('#' + post_edit_tr).hasClass('status-' + jQuery(this).val())) { 144 jQuery(this).hide(); 145 } 146 }); 147 } 148 jQuery('#bulk-edit select[name="_status"] option').each(function () { 141 149 jQuery(this).show(); 142 if (jQuery(this).hasClass('hidden-1') && !jQuery('#' + post_edit_tr).hasClass('status-' + jQuery(this).val())) {150 if (jQuery(this).hasClass('hidden-1')) { 143 151 jQuery(this).hide(); 144 152 } 145 153 }); 146 } 147 jQuery('#bulk-edit select[name="_status"] option').each(function () { 148 jQuery(this).show(); 149 if (jQuery(this).hasClass('hidden-1')) { 150 jQuery(this).hide(); 151 } 152 }); 153 }, 100); 154 } 155 </script> 156 <?php 154 }, 100); 155 } 156 </script> 157 <?php 158 } 157 159 } 158 160 … … 443 445 { 444 446 $is_block_editor = get_current_screen()->is_block_editor(); 445 if ($is_block_editor ) {447 if ($is_block_editor && current_user_can('publish_posts')) { 446 448 add_meta_box('extended_post_status', __('Status', 'extended-post-status'), ['Extended_Post_Status_Admin', 'status_meta_box_content'], null, 'side', 'high'); 447 449 } … … 702 704 public function wp_insert_post_data($data, $postarr) 703 705 { 704 if (array_key_exists('post_status_', $postarr) && $data['post_status'] != 'trash' && $data['post_status'] != 'future') { 705 
$data['post_status'] = $postarr['post_status_']; 706 } 707 if ($data['post_status'] == 'none') { 708 $data['post_status'] = 'draft'; 706 if(current_user_can('publish_posts')) { 707 if (array_key_exists('post_status_', $postarr) && $data['post_status'] != 'trash' && $data['post_status'] != 'future') { 708 $data['post_status'] = $postarr['post_status_']; 709 } 710 if ($data['post_status'] == 'none') { 711 $data['post_status'] = 'draft'; 712 } 709 713 } 710 714 return $data; … … 719 723 public function change_publish_button_gutenberg() 720 724 { 721 if (wp_script_is('wp-i18n') ) {725 if (wp_script_is('wp-i18n') && current_user_can('publish_posts')) { 722 726 ?> 723 727 <script type="text/javascript"> … … 736 740 public function remove_publishing_sidebar_gutenberg() 737 741 { 738 wp_enqueue_script('disablePublishSidebar', plugin_dir_url(__DIR__) . 'admin/js/disablePublishSidebar.js', ['jquery']); 742 if(current_user_can('publish_posts')) { 743 wp_enqueue_script('disablePublishSidebar', plugin_dir_url(__DIR__) . 'admin/js/disablePublishSidebar.js', ['jquery']); 744 } 739 745 } 740 746 … … 750 756 public function gettext_override($translated, $original, $domain) 751 757 { 752 if ($original == 'Post published.' ) {758 if ($original == 'Post published.' && current_user_can('publish_posts')) { 753 759 $translated = __('Post saved.'); 754 760 } -
extended-post-status/trunk/extended-post-status.php
r2687794 r2925410 7 7 * Plugin Name: Extended Post Status 8 8 * Description: Add new post status types. 9 * Version: 1.0. 199 * Version: 1.0.20 10 10 * Author: Felix Welberg 11 11 * Author URI: http://www.felixwelberg.de/ … … 28 28 * Rename this for your plugin and update it as you release new versions. 29 29 */ 30 define('EXTENDED_POST_STATUS_VERSION', '1.0. 19');30 define('EXTENDED_POST_STATUS_VERSION', '1.0.20'); 31 31 32 32 /** -
extended-post-status/trunk/readme.txt
r2887785 r2925410 5 5 Tested up to: 6.2 6 6 Requires PHP: 7.2 7 Stable tag: 6. 17 Stable tag: 6.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 63 63 64 64 == Changelog == 65 66 = 1.0.20 = 67 * [Security] Check user capabilities in publishing process. (Thanks to TaeEun Lee) 68 See: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/extended-post-status/extended-post-status-1019-missing-authorization-via-wp-insert-post-data 65 69 66 70 = 1.0.19 =