[wp-trac] [WordPress Trac] #52094: Queries with perm readable/editable will not work for multiple post types and status queries

WordPress Trac noreply at wordpress.org
Wed Dec 16 15:45:31 UTC 2020


#52094: Queries with perm readable/editable will not work for multiple post types
and status queries
--------------------------+-----------------------------
 Reporter:  leogermani    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:
 Severity:  normal        |   Keywords:  needs-patch
  Focuses:                |
--------------------------+-----------------------------
 This ticket is a continuation of #48556, which fixes permission checks
 when querying for multiple post types.

 If you make a query for multiple post types and also specify one or
 more post statuses, there will be a couple of problems in the results if
 your query also includes `perm=readable` or `perm=editable`.

 `perm=readable` is supposed to do a check to see if the current user has
 permission to read the queried post statuses before adding them to the SQL
 statement. It works fine if you're querying for only one post type, but
 will fail for multiple post types.

 The problem is the same one we found in #48556. When multiple post types are
 queried, the permission checked will be
 `read_private_multiple_post_types`, instead of individually checking each
 post type's capabilities.

 (The same happens for `perm=editable`, which will check for
 `edit_others_multiple_post_types`)

 = Another problem: Custom post statuses =

 When querying for multiple post types and `perm=readable`, WP_Query also
 will not handle custom post statuses properly.

 Any custom post status will be treated as a `public` post status, ignoring
 how it was registered. You can see it happening here:
 https://github.com/WordPress/wordpress-develop/blob/master/src/wp-includes/class-wp-query.php#L2478

 = Fix =

 The fix should be similar to what we are doing in #48556, and I think we
 should work on the patch after we finish #48556.

 = Reproducing =

 I'm going to attach a test file that reproduces all the bugs described
 here.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52094>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
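
The capability decision described in the ticket, as an added example that is not part of the original message and is not WordPress core code. It is a simplified stand-alone model: the user, the capability map and the function names `combined_check()` and `per_type_check()` are constructed for illustration, and only the two `*_multiple_post_types` capability names come from the ticket.

```php
<?php
// Added illustration: a simplified model of the capability decision,
// not WordPress core code. It runs without WordPress.

// Constructed sample data: the capability names the built-in 'post' and
// 'page' post types use for private reads and for editing others' content.
const TYPE_CAPS = [
    'post' => ['read_private' => 'read_private_posts', 'edit_others' => 'edit_others_posts'],
    'page' => ['read_private' => 'read_private_pages', 'edit_others' => 'edit_others_pages'],
];

// Constructed user: may read private posts, but not private pages.
const USER_CAPS = ['read', 'read_private_posts'];

function user_can(string $cap): bool {
    return in_array($cap, USER_CAPS, true);
}

// Behaviour reported in the ticket: with several post types, one synthetic
// capability is checked for the whole query. No role holds it, so the
// answer is the same for every type regardless of the user's real caps.
function combined_check(array $post_types, string $perm): array {
    $cap = $perm === 'editable'
        ? 'edit_others_multiple_post_types'
        : 'read_private_multiple_post_types';
    return array_fill_keys($post_types, user_can($cap));
}

// Per-type check the ticket asks for: each post type's own capability decides.
function per_type_check(array $post_types, string $perm): array {
    $key = $perm === 'editable' ? 'edit_others' : 'read_private';
    $result = [];
    foreach ($post_types as $type) {
        // Unknown post types are denied rather than guessed at.
        $cap = TYPE_CAPS[$type][$key] ?? null;
        $result[$type] = $cap !== null && user_can($cap);
    }
    return $result;
}

$types = ['post', 'page'];
foreach (['readable', 'editable'] as $perm) {
    echo $perm, ' combined: ', json_encode(combined_check($types, $perm)), "\n";
    echo $perm, ' per-type: ', json_encode(per_type_check($types, $perm)), "\n";
}
```

In the model, the combined check gives the same answer for both post types, while the per-type check separates the type the constructed user may read privately from the one they may not.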

