code rabbit code issues

arifulhoque7 · arifulhoque7 · commit 8cd0596dc20f · 2025-09-30T21:52:52.000+06:00
diff --git a/includes/Ajax/Frontend_Form_Ajax.php b/includes/Ajax/Frontend_Form_Ajax.php
@@ -229,20 +229,21 @@ public function submit_post() {
         if ( isset( $_POST['post_id'] ) ) {
             $post_id                   = intval( wp_unslash( $_POST['post_id'] ) );
 
+            // Verify the post exists
+            $post = get_post( $post_id );
+            if ( ! $post || is_wp_error( $post ) ) {
+                wpuf()->ajax->send_error( __( 'Post not found.', 'wp-user-frontend' ) );
+            }
+
             // Security: Check if user has permission to edit this post (Broken Access Control fix)
             $post_author = get_post_field( 'post_author', $post_id );
             $current_user_id = get_current_user_id();
 
             // Allow edit if: user is post author OR user has edit_others_posts capability
-            if ( $current_user_id != $post_author && ! current_user_can( 'edit_others_posts' ) ) {
+            if ( $current_user_id !== $post_author && ! current_user_can( 'edit_others_posts' ) ) {
                 wpuf()->ajax->send_error( __( 'You do not have permission to edit this post.', 'wp-user-frontend' ) );
             }
 
-            // Verify the post exists
-            if ( ! get_post( $post_id ) ) {
-                wpuf()->ajax->send_error( __( 'Post not found.', 'wp-user-frontend' ) );
-            }
-
             $is_update                 = true;
             $postarr['ID']             = $post_id;
             $postarr['post_date']      = isset( $_POST['post_date'] ) ? sanitize_text_field( wp_unslash( $_POST['post_date'] ) ) : '';
