Ticket #2172 (closed defect (bug): worksforme)

Opened 6 years ago

Last modified 6 years ago

Private posts and unapproved comments show up in RSS feeds.

Reported by: creachadair Owned by: anonymous
Priority: normal Milestone:
Component: Administration Version: 1.5.2
Severity: normal Keywords: RSS private
Cc:

Description

In WordPress 1.5.2, posts that are marked "Private" show up in the RSS feed for the blog. This appears to contradict the documentation, which says ( http://wordpress.org/docs/reference/post):

"Posts marked as `Private' are not visable to any other authors regardless of user levels."

A useful workaround was suggested: Fill in the "Excerpt" field. Following the link from the RSS feed to the blog itself will not give you the formatted post, so the RSS user will only see the excerpt. However, I would argue that the spirit of the "private" marking is that the post should not show up for public consumption without further action on the part of the author.

Related to this, comments which have been held for approval show up in the comments RSS prior to approval. I don't know if any search engines are using RSS feeds to index blogs, but if so, this is a bootstrap route for comment spam.

Change History

comment:1   ryan6 years ago

Private posts shouls only show up in the feed when the author of those posts is logged in. If you logout of WP, you should see that the private posts aren't there.

I'll look into the comment problem.

comment:2   creachadair6 years ago

Even if the author is not logged in, private posts show up in the RSS feed. I tested that case originally, and just verified that it is in fact the case. Even if I log out and flush all cookies from my browser, and start up a new clean browser, I get private posts in the RSS.

comment:3   davidhouse6 years ago

In 2.0 (our current stable release), neither private posts nor unapproved comments show up in feeds. So this is not a bug in 2.0. Not closing as this could be a candidate for backporting if we release a new version on the 1.5 branch.

comment:4   davidhouse6 years ago

  • Status changed from new to closed
  • Resolution set to worksforme

Hmm... actually I can't replicate either parts of this in 1.5.2. I asked in #wordpress and got someone else (pwaring) with a 1.5.2 to test, he couldn't replicate either. Closing with worksforme.

By the way, when you want to 'publish' a private post, you have to hit 'Save' instead of 'Publish' (hitting Publish causes it to be a public post), perhaps that's the problem?

Note: See TracTickets for help on using tickets.