[wp-trac] [WordPress Trac] #52889: Add filter to disable forced plain permalinks

WordPress Trac noreply at wordpress.org
Mon Apr 19 01:28:56 UTC 2021 

#52889: Add filter to disable forced plain permalinks
-------------------------+------------------------------
 Reporter:  cneumann     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Permalinks   |     Version:  5.7
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------
Changes (by peterwilsoncc):

 * component:  Security => Permalinks


Comment:

 A part of the reason for introducing the function was that
 `get_permalink()` could return URLs for valid, public posts that would
 throw a file not found error. This was a particular problem for
 attachments, please see #52373 as the commit for #5272 was only a partial
 fix.

 The main reason was to prevent data exposure of private post urls to
 unauthorised users. The permission check only runs for private post
 statuses.

 Are you able to explain a little more about your use case, particularly
 where the expense is coming from for testing the user capabilities?
 `current_user_can()` uses a cached user object so the extra function calls
 shouldn't be too expensive.

 Finally, if this enhancement is added I'd suggest a preflight/short-
 circuit filter rather than a disabling filter. This is similar to how such
 filters work in other functions (see the `pre_wp_mail` filter for an
 example) but provides a little more flexibility to developers like
 yourself :)

 {{{#!php
 <?php
 function wp_force_plain_post_permalink( $post = null, $sample = null ) {
         // ...

         /**
          * Preflight forcing of plain permalinks.
          *
          * Allow plugins to override how the use of plain permalinks are
 determined.
          */
         $preflight = apply_filters( 'pre_wp_force_plain_post_permalink',
 null, $post, $sample );
         if ( null !== $preflight ) {
                 return $preflight;
         }

         // ...
 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52889#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list