Changeset 32523 for trunk/src/wp-includes/post.php
- Timestamp:
- 05/21/2015 06:42:49 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/post.php
r32355 r32523 5328 5328 * @since 2.2.0 5329 5329 * 5330 * @param string $post_type Post type. Currently only supports 'post' or 'page'. 5330 * @param string|array $post_type Array or comma-separated string of post types. 5331 * Currently only supports 'post' or 'page'. 5331 5332 * @return string SQL code that can be added to a where clause. 5332 5333 */ … … 5339 5340 * 5340 5341 * @since 3.0.0 5342 * @since 4.3.0 Introduced the ability to pass multiple post types to `$post_type`. 5341 5343 * 5342 5344 * @see get_private_posts_cap_sql() 5343 5345 * 5344 * @param string $post_type Post type.5345 * @param bool $full Optional. Returns a full WHERE statement instead of just5346 * an 'andalso' term. Default true.5347 * @param int $post_author Optional. Query posts having a single author ID. Default null.5348 * @param bool $public_only Optional. Only return public posts. Skips cap checks for5349 * $current_user. Default false.5346 * @param array|string $post_type Array or comma-separated list of post type(s). 5347 * @param bool $full Optional. Returns a full WHERE statement instead of just 5348 * an 'andalso' term. Default true. 5349 * @param int $post_author Optional. Query posts having a single author ID. Default null. 5350 * @param bool $public_only Optional. Only return public posts. Skips cap checks for 5351 * $current_user. Default false. 5350 5352 * @return string SQL WHERE code that can be added to a query. 5351 5353 */ … … 5353 5355 global $wpdb; 5354 5356 5355 // Private posts. 5356 $post_type_obj = get_post_type_object( $post_type ); 5357 if ( ! $post_type_obj ) 5358 return $full ? 'WHERE 1 = 0' : ' 1 = 0 '; 5359 5360 /** 5361 * Filter the capability to read private posts for a custom post type 5362 * when generating SQL for getting posts by author. 5363 * 5364 * @since 2.2.0 5365 * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless". 5366 * 5367 * @param string $cap Capability. 5368 */ 5369 if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) { 5370 $cap = $post_type_obj->cap->read_private_posts; 5371 } 5372 5373 $sql = $wpdb->prepare( 'post_type = %s', $post_type ); 5357 if ( is_array( $post_type ) ) { 5358 $post_types = $post_type; 5359 } else { 5360 $post_types = preg_split( '/[\s,]+/', $post_type ); 5361 } 5362 5363 $post_type_clauses = array(); 5364 foreach ( $post_types as $post_type ) { 5365 $post_type_obj = get_post_type_object( $post_type ); 5366 if ( ! $post_type_obj ) { 5367 continue; 5368 } 5369 5370 /** 5371 * Filter the capability to read private posts for a custom post type 5372 * when generating SQL for getting posts by author. 5373 * 5374 * @since 2.2.0 5375 * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless". 5376 * 5377 * @param string $cap Capability. 5378 */ 5379 if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) { 5380 $cap = current_user_can( $post_type_obj->cap->read_private_posts ); 5381 } 5382 5383 // Only need to check the cap if $public_only is false. 5384 $post_status_sql = "post_status = 'publish'"; 5385 if ( false === $public_only ) { 5386 if ( $cap ) { 5387 // Does the user have the capability to view private posts? Guess so. 5388 $post_status_sql .= " OR post_status = 'private'"; 5389 } elseif ( is_user_logged_in() ) { 5390 // Users can view their own private posts. 5391 $id = get_current_user_id(); 5392 if ( null === $post_author || ! $full ) { 5393 $post_status_sql .= " OR post_status = 'private' AND post_author = $id"; 5394 } elseif ( $id == (int) $post_author ) { 5395 $post_status_sql .= " OR post_status = 'private'"; 5396 } // else none 5397 } // else none 5398 } 5399 5400 $post_type_clauses[] = "( post_type = '" . $post_type . "' AND ( $post_status_sql ) )"; 5401 } 5402 5403 if ( empty( $post_type_clauses ) ) { 5404 return $full ? 'WHERE 1 = 0' : '1 = 0'; 5405 } 5406 5407 $sql = '( '. implode( ' OR ', $post_type_clauses ) . ' )'; 5374 5408 5375 5409 if ( null !== $post_author ) { 5376 5410 $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author ); 5377 5411 } 5378 5379 // Only need to check the cap if $public_only is false.5380 $post_status_sql = "post_status = 'publish'";5381 if ( false === $public_only ) {5382 if ( current_user_can( $cap ) ) {5383 // Does the user have the capability to view private posts? Guess so.5384 $post_status_sql .= " OR post_status = 'private'";5385 } elseif ( is_user_logged_in() ) {5386 // Users can view their own private posts.5387 $id = get_current_user_id();5388 if ( null === $post_author || ! $full ) {5389 $post_status_sql .= " OR post_status = 'private' AND post_author = $id";5390 } elseif ( $id == (int) $post_author ) {5391 $post_status_sql .= " OR post_status = 'private'";5392 } // else none5393 } // else none5394 }5395 5396 $sql .= " AND ($post_status_sql)";5397 5412 5398 5413 if ( $full ) {
Note: See TracChangeset
for help on using the changeset viewer.