HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

REST API: Prevent deletion of post revisions.

Browse Source 
Allowing the client to delete revisions breaks the "audit trail" functionality. This is not allowed in WordPress and shouldn't be allowed through the API.
While not recommended, a plugin may opt-in to the previous behavior by setting a custom 'delete_post' capability for the revisions post type.

Props dlh, danielbachhuber, TimothyBlynJacobs, azaozz, kadamwhite.
Fixes #43709.


Built from https://develop.svn.wordpress.org/trunk@45812


git-svn-id: http://core.svn.wordpress.org/trunk@45623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
K. Adam White
2019-08-15 22:01:55 +00:00
parent 5dbb64d0dd
commit 00cb4c7dbd
3 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wp-includes/capabilities.php
View File

@@ -72,11 +72,8 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
}
if ( 'revision' == $post->post_type ) {
$post = get_post( $post->post_parent );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
$caps[] = 'do_not_allow';
break;
}
if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) {