[wp-trac] [WordPress Trac] #25338: Comments of password-protected posts should not be shown to logged-in users without edit capability

WordPress Trac noreply at wordpress.org
Sun Feb 16 00:03:54 UTC 2014


#25338: Comments of password-protected posts should not be shown to logged-in users
without edit capability
-------------------------+-----------------------------
 Reporter:  kraftbj      |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Comments     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  needs-patch  |     Focuses:
-------------------------+-----------------------------
Changes (by danielbachhuber):

 * keywords:   => needs-patch
 * type:  defect (bug) => enhancement
 * milestone:  Awaiting Review => Future Release


Comment:

 Thanks for the report. At this time, it wouldn't be easy to filter out
 comments from password-protected posts because `get_comments()` is
 relatively decoupled from the state of whether or not a post requires a
 password.

 Technically-speaking, the most straightforward way to do this would be to
 join on the posts table and filter based on the value of the
 `post_password` column. The performance of this approach would need to be
 assessed. Additionally, I'd recommend this change be made within
 `WP_Comments_List_Table->prepare_items()`, instead of being added as a new
 feature of `WP_Comment_Query`. It's a better pattern to perform the
 capability check outside of the API.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25338#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list