[wp-trac] [WordPress Trac] #57223: Comments Controller : Should max/total be pre- or post- filtering? It is pre-. Reconsider?
WordPress Trac
noreply at wordpress.org
Mon Nov 28 23:26:00 UTC 2022
#57223: Comments Controller : Should max/total be pre- or post- filtering? It is
pre-. Reconsider?
-------------------------+------------------------------
Reporter: Starbuck | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by Starbuck):
Intentionally left out of OP, not sure if this should be in a separate
ticket yet: At line 301 a similar situation exists. Let's preface this all
with "it looks to me like ... and I might be wrong ..."
If the original query returns no results, and the request is looking for a
specific page, the query is re-run with no pagination limits, and there is
no post-query check for permissions on the comments. So the total number
of comments and pages are based on the entire set available for the
current post, and not on the records available to the current user ... and
all comments are returned without permissions filtering, simply because
the query was wrong, perhaps misled by the data that is being provided
here. This seems like a real bug. Untested, not verified, sorry.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57223#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform