[wp-trac] [WordPress Trac] #48556: Query for multiple post types not considering user permission to retrieve private posts
WordPress Trac
noreply at wordpress.org
Wed Dec 23 00:43:27 UTC 2020
#48556: Query for multiple post types not considering user permission to retrieve
private posts
-------------------------------------------------+-------------------------
Reporter: leogermani | Owner:
| SergeyBiryukov
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.7
Component: Query | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests early | Focuses:
needs-dev-note |
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):
* status: closed => reopened
* resolution: fixed =>
Comment:
Reopening this with the intent to revert [49830]
Passing an invalid post type to WP_Query is causing the post type and post
status parameters to be dropped from the resulting SQL query for all
users.
Prior to the above commit both of the following tests would pass,
generating the SQL query:
{{{#!mysql
-- Query generated before the change: results are limited to the requested
-- post type and to published posts.
SELECT SQL_CALC_FOUND_ROWS wptests_posts.*
FROM wptests_posts
WHERE 1=1
AND wptests_posts.post_type = 'unregistered_cpt'
AND (wptests_posts.post_status = 'publish')
ORDER BY wptests_posts.post_date DESC LIMIT 0, 10
}}}
Following the change they generate the query:
{{{#!mysql
-- Query generated after the change: no post_type or post_status predicate
-- follows WHERE 1=1, so rows of every type and status match.
SELECT SQL_CALC_FOUND_ROWS wptests_posts.*
FROM wptests_posts
WHERE 1=1
ORDER BY wptests_posts.post_date DESC LIMIT 0, 10
}}}
The result is that posts of all post types and statuses are returned, because the WHERE clause no longer restricts either.
I'll revert the commit today and subsequently add these and any other
relevant tests I can think of. Once this is looked at again, the tests
will need to be updated.
{{{#!php
<?php
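/**
 * Regression tests for the SQL that WP_Query builds when it is asked for a
 * post type that is not registered (Trac ticket #48556).
 *
 * Each test captures the final query through the `posts_request` filter and
 * checks that the post type and post status constraints are still present.
 * If either clause is missing, the query is no longer limited to published
 * posts of the requested type.
 */
class Tests_Query_InvalidPostTypes extends WP_UnitTestCase {

	/**
	 * SQL of the most recent posts query, as passed to `posts_request`.
	 *
	 * @var string
	 */
	public $last_posts_request;

	/**
	 * Resets the captured query and hooks the capture callback.
	 */
	public function setUp() {
		parent::setUp();

		// Start every test with an empty capture so a stale query cannot satisfy an assertion.
		$this->last_posts_request = '';

		// Record the SQL of each posts query run during the test.
		add_filter( 'posts_request', array( $this, '_set_last_posts_request' ) );
	}

	/**
	 * `posts_request` filter callback: stores the query and passes it through unchanged.
	 *
	 * Must remain public so it can be invoked as a filter callback.
	 *
	 * @param string $request The SQL about to be executed.
	 * @return string The same SQL, unmodified.
	 */
	public function _set_last_posts_request( $request ) {
		$this->last_posts_request = $request;

		return $request;
	}

	/**
	 * A direct WP_Query for an unregistered post type keeps both constraints.
	 */
	public function test_unregistered_post_type_wp_query() {
		global $wpdb;

		new WP_Query( array( 'post_type' => 'unregistered_cpt' ) );

		// The needles are single-line strings: a line break inside the literal
		// would never match the generated SQL.
		// NOTE(review): assertContains() on a string haystack was removed in PHPUnit 9;
		// use assertStringContainsString() if the suite runs on a newer PHPUnit.
		$this->assertContains( "{$wpdb->posts}.post_type = 'unregistered_cpt'", $this->last_posts_request );
		$this->assertContains( "{$wpdb->posts}.post_status = 'publish'", $this->last_posts_request );
	}

	/**
	 * A front-end request with `?post_type=unregistered_cpt` keeps both constraints.
	 */
	public function test_unregistered_post_type_goto() {
		global $wpdb;

		$this->go_to( home_url( '?post_type=unregistered_cpt' ) );

		$this->assertContains( "{$wpdb->posts}.post_type = 'unregistered_cpt'", $this->last_posts_request );
		$this->assertContains( "{$wpdb->posts}.post_status = 'publish'", $this->last_posts_request );
	}
}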
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48556#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform