Timestamp:
01/30/2015 02:19:46 AM (8 years ago)
Author:
boonebgorges
Message:

In get_adjacent_post(), return private post if the current user has the capability to read it.

This mirrors the check that happens post-query in WP_Query. See #30911.

Props bswatson.
Fixes #30287.

File:
1 edited

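--- a/trunk/src/wp-includes/link-template.php
+++ b/trunk/src/wp-includes/link-template.php
@@ -1522,4 +1522,34 @@
     }
 
+    // 'post_status' clause depends on the current user.
+    if ( is_user_logged_in() ) {
+        $user_id = get_current_user_id();
+
+        $post_type_object = get_post_type_object( $post->post_type );
+        if ( empty( $post_type_object ) ) {
+            $post_type_cap    = $post->post_type;
+            $read_private_cap = 'read_private_' . $post_type_cap . 's';
+        } else {
+            $read_private_cap = $post_type_object->cap->read_private_posts;
+        }
+
+        /*
+         * Results should include private posts belonging to the current user, or private posts where the
+         * current user has the 'read_private_posts' cap.
+         */
+        $private_states = get_post_stati( array( 'private' => true ) );
+        $where .= " AND ( p.post_status = 'publish'";
+        foreach ( (array) $private_states as $state ) {
+            if ( current_user_can( $read_private_cap ) ) {
+                $where .= $wpdb->prepare( " OR p.post_status = %s", $state );
+            } else {
+                $where .= $wpdb->prepare( " OR (p.post_author = %d AND p.post_status = %s)", $user_id, $state );
+            }
+        }
+        $where .= " )";
+    } else {
+        $where .= " AND p.post_status = 'publish'";
+    }
+
     $adjacent = $previous ? 'previous' : 'next';
     $op = $previous ? '<' : '>';
@@ -1552,5 +1582,5 @@
      * @param array  $excluded_terms Array of excluded term IDs.
      */
-    $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare( "WHERE p.post_date $op %s AND p.post_type = %s AND p.post_status = 'publish' $where", $current_post_date, $post->post_type ), $in_same_term, $excluded_terms );
+    $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare( "WHERE p.post_date $op %s AND p.post_type = %s $where", $current_post_date, $post->post_type ), $in_same_term, $excluded_terms );
 
     /**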
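Review bot: The status fragments that the first hunk escapes with `$wpdb->prepare()` are appended to `$where`, which the second hunk then interpolates into the format string of another `$wpdb->prepare()` call, so any `%` left in a fragment would be parsed as a placeholder a second time. Status names are presumably restricted to safe characters when they are registered (not visible here), which would keep this harmless today, but the query's safety should not rest on that. Prepare only the fixed part and concatenate the rest: `$wpdb->prepare( "WHERE p.post_date $op %s AND p.post_type = %s", $current_post_date, $post->post_type ) . " $where"`. Separately, `current_user_can( $read_private_cap )` does not depend on `$state` and can be evaluated once before the `foreach`. get_adjacent_post() starts and ends outside the visible hunks.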