[wp-trac] [WordPress Trac] #17157: Cannot preview changes to published multi-page posts

WordPress Trac noreply at wordpress.org
Fri Feb 28 23:31:42 UTC 2014


#17157: Cannot preview changes to published multi-page posts
-------------------------------+--------------------------
 Reporter:  akoyfman           |       Owner:  johnbillion
     Type:  defect (bug)       |      Status:  closed
 Priority:  normal             |   Milestone:  3.9
Component:  Posts, Post Types  |     Version:  3.0.4
 Severity:  normal             |  Resolution:  fixed
 Keywords:  has-patch          |     Focuses:  template
-------------------------------+--------------------------

Comment (by nacin):

 Some stuff in IRC didn't get logged due to some issues with the bot:

 {{{
 6:12    nacin   johnbillion: try adding ?preview=true to the end of a URL
 when logged out
 6:13    johnbillion     nacin: Bah. Interestingly that's what I mentioned
 in the comment prior to the commit. Note that the preview doesn't actually
 get displayed though because the user doesn't have permission to edit the
 post.
 6:14    johnbillion     I had thought of passing along the current
 $_GET['preview_nonce'] instead - think that's a better approach?
 6:14    nacin   Yeah, and technically leaking this nonce isn't an issue
 that I can tell. But it's sloppy. Trying to figure out how to fix it.
 6:15    nacin   perhaps setting is_preview => true in WP_Query should
 immediately validate the nonce. I'm honestly not sure. it's fairly old
 code.
 6:16    nacin   passing along $_GET seems like a good immediate fix.
 6:16    nacin   perhaps the conditional should be if ( 'draft' !== $status
 && isset( $_GET['preview_nonce'] ) )
 6:16    nacin   mentioning #17157 so this makes it back to the ticket.
 6:16    trac-bot        nacin: http://core.trac.wordpress.org/ticket/17157
 3.9, akoyfman->johnbillion, closed, Cannot preview changes to published
 multi-page posts
 6:16    johnbillion     Yeah and I'll check for $_GET['preview_id'] too
 6:17    nacin   I just meant as a quick check; if the other isn't set and
 it notices, it's not a huge deal.
 6:17    nacin   but yeah, isset( $_GET['preview_nonce'],
 $_GET['preview_id'] ) is fine.
 6:18    nacin   _show_post_preview() should really happen inside
 WP_Query::parse_query() with an opportunity to set is_preview to false.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/17157#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

