Changeset 47179 for trunk/src/wp-includes/class-wp-query.php

Timestamp:

02/04/2020 10:20:25 PM (5 years ago)

Author:

SergeyBiryukov

Message:

Posts, Post Types: Fail gracefully when checking whether the post should be displayed in WP_Query::get_posts() against unregistered post status.

If the post status is not registered, assume it's not public.

Follow-up to [47178].

Props roytanck.
See #48653.

File:

• trunk/src/wp-includes/class-wp-query.php (modified) (2 diffs)

trunk/src/wp-includes/class-wp-query.php

@@ -3067 +3067 @@
         if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) {
             $status = get_post_status( $this->posts[0] );
+
             if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) {
                 $this->is_page       = false;
@@ -3072 +3073 @@
                 $this->is_attachment = true;
             }
-            $post_status_obj = get_post_status_object( $status );
 
             // If the post_status was specifically requested, let it pass through.
-            if ( ! $post_status_obj->public && ! in_array( $status, $q_status ) ) {
-
-                if ( ! is_user_logged_in() ) {
-                    // User must be logged in to view unpublished posts.
-                    $this->posts = array();
-                } else {
-                    if ( $post_status_obj->protected ) {
-                        // User must have edit permissions on the draft to preview.
-                        if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
-                            $this->posts = array();
+            if ( ! in_array( $status, $q_status ) ) {
+                $post_status_obj = get_post_status_object( $status );
+
+                if ( $post_status_obj && ! $post_status_obj->public ) {
+                    if ( ! is_user_logged_in() ) {
+                        // User must be logged in to view unpublished posts.
+                        $this->posts = array();
+                    } else {
+                        if ( $post_status_obj->protected ) {
+                            // User must have edit permissions on the draft to preview.
+                            if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
+                                $this->posts = array();
+                            } else {
+                                $this->is_preview = true;
+                                if ( 'future' != $status ) {
+                                    $this->posts[0]->post_date = current_time( 'mysql' );
+                                }
+                            }
+                        } elseif ( $post_status_obj->private ) {
+                            if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
+                                $this->posts = array();
+                            }
                         } else {
-                            $this->is_preview = true;
-                            if ( 'future' != $status ) {
-                                $this->posts[0]->post_date = current_time( 'mysql' );
-                            }
-                        }
-                    } elseif ( $post_status_obj->private ) {
-                        if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
                             $this->posts = array();
                         }
-                    } else {
-                        $this->posts = array();
                     }
+                } else {
+                    // Post status is not registered, assume it's not public.
+                    $this->posts = array();
                 }
             }