[wp-trac] [WordPress Trac] #51651: The `read_post` meta capability returns an incorrect result for the inherit post status.
WordPress Trac
noreply at wordpress.org
Tue Oct 27 23:29:33 UTC 2020
#51651: The `read_post` meta capability returns an incorrect result for the inherit
post status.
-----------------------------+-----------------------------
Reporter: peterwilsoncc | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.4
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
When an attachment is uploaded via an edit post screen, it is given the
inherit post status to determine whether it is published, private, etc.
The key definition within the post object are as follows:
{{{
post_type: attachment
post_status: inherit
post_parent: 1
}}}
The `inherit` post status is registered as `internal`, and is therefore
not considered `public`.
As the `read_post` meta capability gets the post status object without
checking if it is inherited, it returns the incorrect result for logged in
users able to read the post:
{{{#!php
<?php
// $post: attachment attached to a post/page.
$status_obj = get_post_status_object( $post->post_status /* 'inherit' */
);
}}}
To correctly determine if a user can read the post, the post status string
ought to use `get_post_status()`:
{{{#!php
<?php
// $post: attachment attached to a post/page.
$status_obj = get_post_status_object( get_post_status( $post ) );
}}}
This potentially applies to other meta capabilities too.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51651>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list