/** * Filters exceptions check. * * @param type $args * @return type */ function wpcf_access_exceptions_upload_files($args) { global $wpcf_access; $capability_requested = $args[0]; $parse_args = $args[1]; $found = $args[3]; $args = $args[2]; // This is case when user uploads file from post edit screen // or on Media Library screen if (!empty($found) && is_admin() && (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false)) { $temp = array(); $post_id = wpcf_access_determine_post_id(); // If attachment_id is present if (isset($_POST['attachment_id'])) { $post_id = intval($_POST['attachment_id']); } // Get post $post = get_post($post_id); // If post exists and is attachment - process it if (!empty($post) && $post->post_type == 'attachment') { $temp['capability_requested'] = $capability_requested; // // // // This is Media Library screen // // // if (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false) { // If Media post_type exists use built-in WP check if (wpcf_access_is_media_registered()) { if (isset($post->post_parent)) { $temp['is_attachment'] = 1; } $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } else { // If version 3.4 check if user can edit parent post type // TODO check if post is attached to multiple posts // (looks like only first parent is saved) // Attachment follows parent post type if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { // This happens in case item is newly added to media library $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } } } else { // // // // // // This is upload screen // // // // No matter if Media post_type is registered, // on upload screens we always convert capability to match // parent post type // TODO check if post is attached to multiple posts // (looks like only first parent is saved) // Attachment follows parent post type if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } } $wpcf_access->upload_files['exceptions.php']['media_screen'][] = $temp; } } else { // Simply check if post is attachment and map it to parent cap $temp = array(); $temp['capability_requested'] = $capability_requested; $post_id = wpcf_access_determine_post_id(); $post = get_post($post_id); if (!empty($post) && $post->post_type == 'attachment') { if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } $wpcf_access->upload_files['exceptions.php']['attachments'][] = $temp; } } return array($capability_requested, $parse_args, $args); }
/** * Determines post type. * * @global type $post * @global type $pagenow * @return string */ function wpcf_access_determine_post_type() { global $post; $post_type = false; $post_id = wpcf_access_determine_post_id(); if (!empty($post) || !empty($post_id)) { if (get_post($post_id)) { return get_post_type($post_id); } $post_type = get_post_type($post); } else { if (isset($_GET['post_type'])) { $post_type = $_GET['post_type']; } else { if (isset($_POST['post_type'])) { $post_type = $_POST['post_type']; } else { if (isset($_GET['post'])) { $post_type = get_post_type($_GET['post']); } else { if (isset($_GET['post_id'])) { $post_type = get_post_type($_GET['post_id']); } else { if (isset($_POST['post_id'])) { $post_type = get_post_type($_POST['post_id']); } else { if (isset($_POST['post'])) { $post_type = get_post_type($_POST['post']); } else { if (isset($_SERVER['HTTP_REFERER'])) { $split = explode('?', $_SERVER['HTTP_REFERER']); if (isset($split[1])) { parse_str($split[1], $vars); if (isset($vars['post_type'])) { $post_type = $vars['post_type']; } else { if (isset($vars['post'])) { $post_type = get_post_type($vars['post']); } else { if (strpos($split[1], 'post-new.php') !== false) { $post_type = 'post'; } } } } else { if (strpos($_SERVER['HTTP_REFERER'], 'post-new.php') !== false || strpos($_SERVER['HTTP_REFERER'], 'edit-tags.php') !== false || strpos($_SERVER['HTTP_REFERER'], 'edit.php') !== false) { $post_type = 'post'; } } } } } } } } } } return $post_type; }