[wp-trac] [WordPress Trac] #51651: The `read_post` meta capability returns an incorrect result for the inherit post status.

WordPress Trac noreply at wordpress.org
Tue Oct 27 23:29:33 UTC 2020


#51651: The `read_post` meta capability returns an incorrect result for the inherit
post status.
-----------------------------+-----------------------------
 Reporter:  peterwilsoncc    |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:  3.4
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 When an attachment is uploaded via an edit post screen, it is given the
 inherit post status to determine whether it is published, private, etc.

 The key definition within the post object are as follows:

 {{{
 post_type: attachment
 post_status: inherit
 post_parent: 1
 }}}

 The `inherit` post status is registered as `internal`, and is therefore
 not considered `public`.

 As the `read_post` meta capability gets the post status object without
 checking if it is inherited, it returns the incorrect result for logged in
 users able to read the post:


 {{{#!php
 <?php
 // $post: attachment attached to a post/page.
 $status_obj = get_post_status_object( $post->post_status /* 'inherit' */
 );
 }}}

 To correctly determine if a user can read the post, the post status string
 ought to use `get_post_status()`:

 {{{#!php
 <?php
 // $post: attachment attached to a post/page.
 $status_obj = get_post_status_object( get_post_status( $post ) );
 }}}

 This potentially applies to other meta capabilities too.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51651>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list