WordPress.org

Make WordPress Core

Ticket #4711: 4711.diff

File 4711.diff, 4.1 KB (added by Otto42, 12 years ago)

Suggested patch

  • wp-includes/post.php

     
    4141        }
    4242
    4343        $defaults = array(
    44                 'numberposts' => -1, 'post_type' => '', 
     44                'numberposts' => -1, 'post_type' => '',
    4545                'post_status' => '', 'post_parent' => 0
    4646        );
    4747
     
    194194        global $wpdb;
    195195
    196196        $defaults = array(
    197                 'numberposts' => 5, 'offset' => 0, 
    198                 'category' => 0, 'orderby' => 'post_date', 
    199                 'order' => 'DESC', 'include' => '', 
    200                 'exclude' => '', 'meta_key' => '', 
    201                 'meta_value' =>'', 'post_type' => 'post', 
    202                 'post_status' => 'publish', 'post_parent' => 0
     197                'numberposts' => 5, 'offset' => 0,
     198                'category' => 0, 'orderby' => 'post_date',
     199                'order' => 'DESC', 'include' => '',
     200                'exclude' => '', 'meta_key' => '',
     201                'meta_value' =>'', 'post_type' => 'post',
     202                'post_parent' => 0
    203203        );
    204204
    205205        $r = wp_parse_args( $args, $defaults );
     
    248248                $exclusions .= ')';
    249249
    250250        $query  = "SELECT DISTINCT * FROM $wpdb->posts ";
    251         $query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy  "; 
     251        $query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy  ";
    252252        $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";
    253253        $query .= " WHERE 1=1 ";
    254254        $query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' ";
    255         $query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' ";
     255        $query .= 'AND '.get_private_posts_cap_sql('post').' ';
    256256        $query .= "$exclusions $inclusions " ;
    257257        $query .= empty( $category ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = " . $category. ") ";
    258258        $query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' ";
     
    428428                if ( $do_object )
    429429                        $post->$field = sanitize_post_field($field, $post->$field, $post->ID, $context);
    430430                else
    431                         $post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context);     
     431                        $post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context);
    432432        }
    433433
    434434        return $post;
     
    11001100        global $wpdb;
    11011101
    11021102        $defaults = array(
    1103                 'child_of' => 0, 'sort_order' => 'ASC', 
    1104                 'sort_column' => 'post_title', 'hierarchical' => 1, 
    1105                 'exclude' => '', 'include' => '', 
    1106                 'meta_key' => '', 'meta_value' => '', 
     1103                'child_of' => 0, 'sort_order' => 'ASC',
     1104                'sort_column' => 'post_title', 'hierarchical' => 1,
     1105                'exclude' => '', 'include' => '',
     1106                'meta_key' => '', 'meta_value' => '',
    11071107                'authors' => ''
    11081108        );
    11091109
     
    11171117
    11181118        $inclusions = '';
    11191119        if ( !empty($include) ) {
    1120                 $child_of = 0; //ignore child_of, exclude, meta_key, and meta_value params if using include 
     1120                $child_of = 0; //ignore child_of, exclude, meta_key, and meta_value params if using include
    11211121                $exclude = '';
    11221122                $meta_key = '';
    11231123                $meta_value = '';
     
    11461146                        }
    11471147                }
    11481148        }
    1149         if (!empty($exclusions)) 
     1149        if (!empty($exclusions))
    11501150                $exclusions .= ')';
    11511151
    11521152        $author_query = '';
     
    11761176        }
    11771177
    11781178        $query = "SELECT * FROM $wpdb->posts " ;
    1179         $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ; 
    1180         $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
     1179        $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
     1180        $query .= " WHERE (post_type = 'page' AND ".get_private_posts_cap_sql('page').") $exclusions $inclusions " ;
    11811181        $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
    11821182        $query .= $author_query;
    11831183        $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
     
    16061606 * SQL code that can be added to a WHERE clause; this SQL is constructed
    16071607 * to allow all published posts, and all private posts to which the user
    16081608 * has access.
    1609  * 
     1609 *
    16101610 * @param string $post_type currently only supports 'post' or 'page'.
    16111611 * @return string SQL code that can be added to a where clause.
    16121612 */