post-status – User Capability

If “force_user_login” has been set and user has not the Capability “publish_posts”, changes of post-status to “publish” or “future” are still possible.

To check the capability, i have made 3 small changes:

postie.class.php (near line 706):

// Added Parameter $config, see also postie-tags.php
$post_status = tag_Status($content, $config['post_status'], $config);

postie-tag.php (near line 110)

// Added Parameter $config, see also postie.class.php
function tag_Status(&$content, $currentstatus, $config) {

postie-tag.php (near line 125)

// ===========================================================
if ($config['force_user_login'])
  if (strcasecmp($poststatus, "publish") or strcasecmp($poststatus, "future"))
    if (!current_user_can('publish_posts'))
      $poststatus = "pending";
// ===========================================================

return $poststatus;

It would be nice to integrate the verification of the capability in a next release.

Thanks a lot for your work!

• This topic was modified 8 years, 9 months ago by walle0301.