Timestamp:
03/07/2015 01:14:31 AM (6 years ago)
Author:
boonebgorges
Message:

When passing $full to get_posts_by_author_sql(), make sure a 'post_type' clause is included in results.

This change makes the 'post_type' clause in wp_list_authors() redundant, so
we remove it. Third-party plugins using get_posts_by_author_sql() may have
similarly redundant clauses, but this won't change the results returned by the
SQL queries.

Also adds unit tests for get_posts_by_author_sql().

Props pbearne.
Fixes #30354.

File:
1 edited

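--- a/trunk/src/wp-includes/post.php
+++ b/trunk/src/wp-includes/post.php
@@ -5345,33 +5345,32 @@
     }
 
-    if ( $full ) {
-        if ( null === $post_author ) {
-            $sql = $wpdb->prepare( 'WHERE post_type = %s AND ', $post_type );
-        } else {
-            $sql = $wpdb->prepare( 'WHERE post_author = %d AND post_type = %s AND ', $post_author, $post_type );
-        }
-    } else {
-        $sql = '';
-    }
-
-    $sql .= "(post_status = 'publish'";
+    $sql = $wpdb->prepare( 'post_type = %s', $post_type );
+
+    if ( null !== $post_author ) {
+        $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author );
+    }
 
     // Only need to check the cap if $public_only is false.
+    $post_status_sql = "post_status = 'publish'";
     if ( false === $public_only ) {
         if ( current_user_can( $cap ) ) {
             // Does the user have the capability to view private posts? Guess so.
-            $sql .= " OR post_status = 'private'";
+            $post_status_sql .= " OR post_status = 'private'";
         } elseif ( is_user_logged_in() ) {
             // Users can view their own private posts.
             $id = get_current_user_id();
             if ( null === $post_author || ! $full ) {
-                $sql .= " OR post_status = 'private' AND post_author = $id";
+                $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
             } elseif ( $id == (int) $post_author ) {
-                $sql .= " OR post_status = 'private'";
+                $post_status_sql .= " OR post_status = 'private'";
             } // else none
         } // else none
     }
 
-    $sql .= ')';
+    $sql .= " AND ($post_status_sql)";
+
+    if ( $full ) {
+        $sql = 'WHERE ' . $sql;
+    }
 
     return $sql;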
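Review bot: The own-private-posts clause at new line 5363 still interpolates `$id` straight into the SQL string and depends on AND binding tighter than OR inside the new `AND ($post_status_sql)` group, while the clauses added at 5347 and 5350 go through `$wpdb->prepare()`. `get_current_user_id()` returns an integer, so this is not injectable as written, but this fragment is the access-control predicate for private posts and is easier to audit when explicit: `$post_status_sql .= $wpdb->prepare( " OR ( post_status = 'private' AND post_author = %d )", $id );`. The `|| ! $full` test on 5362 also looks like a leftover now that the `post_author` clause is emitted regardless of `$full`; the result appears unchanged either way, but a comment such as `// post_author, when given, is already constrained above; this adds only the current user's own private posts.` would make that clear. The function's signature and docblock lie outside this hunk, so whether the docblock describes the new non-`$full` return value (which now carries the `post_type` and `post_author` clauses) cannot be checked here.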