[wp-trac] [WordPress Trac] #48556: Query for multiple post types not considering user permission to retrieve private posts

WordPress Trac noreply at wordpress.org
Mon Aug 24 18:39:35 UTC 2020 

#48556: Query for multiple post types not considering user permission to retrieve
private posts
--------------------------+-----------------------------
 Reporter:  leogermani    |       Owner:  SergeyBiryukov
     Type:  defect (bug)  |      Status:  reviewing
 Priority:  normal        |   Milestone:  5.6
Component:  Query         |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+-----------------------------

Comment (by boonebgorges):

 > If we change the query in all cases we will basically break things for
 anyone using this filter, since they usually rely on the query structure
 they expect from core using a regex or similar approach.

 I'm not sure this has to happen. Your logic could be adapted in such a way
 that the "default" case generates the very same SQL that we currently
 generate. I guess there could be differences in whitespace or in
 parentheses, due to the way you're assembling `$typewheres`? Is that what
 you have in mind?

 In the past, we've found it acceptable to make these kinds of changes to
 underlying SQL. (a) We can write a dev note that explains the change, as
 you note. And (b) it may be that developers have written their filters in
 such a way that these changes will break their customizations. On the
 latter point, we might be able to run some sort of search on the public
 wordpress.org plugin repository - perhaps, first matching plugins that
 filter 'posts_where' and then narrowing it down to those that do something
 with `post_status`? - that can give us some concrete examples of what may
 or may not break. If I had to bet, I'd say that most plugins are not, in
 fact, doing regex/string manipulation on the query, but instead are
 rebuilding the query based on the parameters passed to `WP_Query`. But we
 can only know if we check :-D

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48556#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list