Changeset 49899
- Timestamp:
- 12/23/2020 03:01:00 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-query.php
r49832 r49899 2421 2421 } 2422 2422 2423 $has_valid_post_types = true;2424 2423 if ( 'any' === $post_type ) { 2425 2424 $in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) ); 2426 2425 if ( empty( $in_search_post_types ) ) { 2427 $post_type_where = ' AND 1=0 '; 2428 $has_valid_post_types = true; 2426 $where .= ' AND 1=0 '; 2429 2427 } else { 2430 $ post_type_where= " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";2428 $where .= " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')"; 2431 2429 } 2432 2430 } elseif ( ! empty( $post_type ) && is_array( $post_type ) ) { 2433 $ post_type_where= " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')";2431 $where .= " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')"; 2434 2432 } elseif ( ! empty( $post_type ) ) { 2435 $ post_type_where= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );2433 $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type ); 2436 2434 $post_type_object = get_post_type_object( $post_type ); 2437 2435 } elseif ( $this->is_attachment ) { 2438 $ post_type_where= " AND {$wpdb->posts}.post_type = 'attachment'";2436 $where .= " AND {$wpdb->posts}.post_type = 'attachment'"; 2439 2437 $post_type_object = get_post_type_object( 'attachment' ); 2440 2438 } elseif ( $this->is_page ) { 2441 $ post_type_where= " AND {$wpdb->posts}.post_type = 'page'";2439 $where .= " AND {$wpdb->posts}.post_type = 'page'"; 2442 2440 $post_type_object = get_post_type_object( 'page' ); 2443 2441 } else { 2444 $ post_type_where= " AND {$wpdb->posts}.post_type = 'post'";2442 $where .= " AND {$wpdb->posts}.post_type = 'post'"; 2445 2443 $post_type_object = get_post_type_object( 'post' ); 2446 2444 } … … 2460 2458 2461 2459 $q_status = array(); 2462 2463 if ( ! $has_valid_post_types ) { 2464 // When there are no public post types, there's no need to assemble the post_status clause. 2465 $where .= $post_type_where; 2466 } elseif ( ! empty( $q['post_status'] ) ) { 2467 $where .= $post_type_where; 2468 2460 if ( ! empty( $q['post_status'] ) ) { 2469 2461 $statuswheres = array(); 2470 2462 $q_status = $q['post_status']; … … 2526 2518 } 2527 2519 } elseif ( ! $this->is_singular ) { 2528 if ( 'any' === $post_type ) { 2529 $queried_post_types = get_post_types( array( 'exclude_from_search' => false ) ); 2530 } elseif ( is_array( $post_type ) ) { 2531 $queried_post_types = $post_type; 2532 } elseif ( ! empty( $post_type ) ) { 2533 $queried_post_types = array( $post_type ); 2534 } else { 2535 $queried_post_types = array( 'post' ); 2536 } 2537 2538 if ( ! empty( $queried_post_types ) ) { 2539 $status_type_clauses = array(); 2540 2541 // Assemble a post_status clause for each post type. 2542 foreach ( $queried_post_types as $queried_post_type ) { 2543 $queried_post_type_object = get_post_type_object( $queried_post_type ); 2544 if ( ! $queried_post_type_object instanceof \WP_Post_Type ) { 2545 continue; 2546 } 2547 2548 $type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type ); 2549 2550 // Public statuses. 2551 $public_statuses = get_post_stati( array( 'public' => true ) ); 2552 $status_clauses = array(); 2553 foreach ( (array) $public_statuses as $public_status ) { 2554 $status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'"; 2555 } 2556 $type_where .= implode( ' OR ', $status_clauses ); 2557 2558 // Add protected states that should show in the admin all list. 2559 if ( $this->is_admin ) { 2560 $admin_all_statuses = get_post_stati( 2561 array( 2562 'protected' => true, 2563 'show_in_admin_all_list' => true, 2564 ) 2565 ); 2566 foreach ( (array) $admin_all_statuses as $admin_all_status ) { 2567 $type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'"; 2568 } 2569 } 2570 2571 // Add private states that are visible to current user. 2572 if ( is_user_logged_in() ) { 2573 $read_private_cap = $queried_post_type_object->cap->read_private_posts; 2574 $private_statuses = get_post_stati( array( 'private' => true ) ); 2575 foreach ( (array) $private_statuses as $private_status ) { 2576 $type_where .= current_user_can( $read_private_cap ) ? " OR {$wpdb->posts}.post_status = '$private_status'" : " OR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')"; 2577 } 2578 } 2579 2580 $type_where .= '))'; 2581 2582 $status_type_clauses[] = $type_where; 2583 } 2584 2585 if ( ! empty( $status_type_clauses ) ) { 2586 $where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')'; 2587 } 2588 } else { 2589 $where .= ' AND 1=0 '; 2590 } 2591 } else { 2592 $where .= $post_type_where; 2520 $where .= " AND ({$wpdb->posts}.post_status = 'publish'"; 2521 2522 // Add public states. 2523 $public_states = get_post_stati( array( 'public' => true ) ); 2524 foreach ( (array) $public_states as $state ) { 2525 if ( 'publish' === $state ) { // Publish is hard-coded above. 2526 continue; 2527 } 2528 $where .= " OR {$wpdb->posts}.post_status = '$state'"; 2529 } 2530 2531 if ( $this->is_admin ) { 2532 // Add protected states that should show in the admin all list. 2533 $admin_all_states = get_post_stati( 2534 array( 2535 'protected' => true, 2536 'show_in_admin_all_list' => true, 2537 ) 2538 ); 2539 foreach ( (array) $admin_all_states as $state ) { 2540 $where .= " OR {$wpdb->posts}.post_status = '$state'"; 2541 } 2542 } 2543 2544 if ( is_user_logged_in() ) { 2545 // Add private states that are limited to viewing by the author of a post or someone who has caps to read private states. 2546 $private_states = get_post_stati( array( 'private' => true ) ); 2547 foreach ( (array) $private_states as $state ) { 2548 $where .= current_user_can( $read_private_cap ) ? " OR {$wpdb->posts}.post_status = '$state'" : " OR {$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$state'"; 2549 } 2550 } 2551 2552 $where .= ')'; 2593 2553 } 2594 2554 -
trunk/tests/phpunit/tests/query/postStatus.php
r49833 r49899 7 7 public static $editor_user_id; 8 8 public static $author_user_id; 9 public static $subscriber_user_id;10 9 public static $editor_private_post; 11 10 public static $author_private_post; … … 14 13 15 14 public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) { 16 self::$editor_user_id = $factory->user->create( array( 'role' => 'editor' ) ); 17 self::$author_user_id = $factory->user->create( array( 'role' => 'author' ) ); 18 self::$subscriber_user_id = $factory->user->create( array( 'role' => 'subscriber' ) ); 15 self::$editor_user_id = $factory->user->create( array( 'role' => 'editor' ) ); 16 self::$author_user_id = $factory->user->create( array( 'role' => 'author' ) ); 19 17 20 18 self::$editor_private_post = $factory->post->create( … … 460 458 $this->assertContains( $p1, wp_list_pluck( $q->posts, 'ID' ) ); 461 459 } 462 463 /**464 * @ticket 48556465 * @ticket 13509466 */467 public function test_non_singular_queries_using_post_type_any_should_respect_post_type_read_private_posts_cap() {468 register_post_type(469 'wptests_pt1',470 array(471 'exclude_from_search' => false,472 'capabilities' => array(473 'read_private_posts' => 'read_private_pt1s',474 ),475 )476 );477 478 register_post_type(479 'wptests_pt2',480 array(481 'exclude_from_search' => false,482 )483 );484 485 $post_ids = array();486 487 $post_ids['wptests_pt1_p1'] = $this->factory->post->create(488 array(489 'post_type' => 'wptests_pt1',490 'post_status' => 'private',491 'post_author' => self::$editor_user_id,492 )493 );494 495 $post_ids['wptests_pt1_p2'] = $this->factory->post->create(496 array(497 'post_type' => 'wptests_pt1',498 'post_status' => 'publish',499 'post_author' => self::$editor_user_id,500 )501 );502 503 $post_ids['wptests_pt2_p1'] = $this->factory->post->create(504 array(505 'post_type' => 'wptests_pt2',506 'post_status' => 'private',507 'post_author' => self::$editor_user_id,508 )509 );510 511 $post_ids['wptests_pt2_p2'] = $this->factory->post->create(512 array(513 'post_type' => 'wptests_pt2',514 'post_status' => 'publish',515 'post_author' => self::$editor_user_id,516 )517 );518 519 wp_set_current_user( 0 );520 521 $q = new WP_Query(522 array(523 'post_type' => 'any',524 )525 );526 527 $this->assertSameSets( array( $post_ids['wptests_pt1_p2'], $post_ids['wptests_pt2_p2'] ), wp_list_pluck( $q->posts, 'ID' ) );528 529 wp_set_current_user( self::$subscriber_user_id );530 $GLOBALS['current_user']->add_cap( 'read_private_pt1s' );531 532 $q = new WP_Query(533 array(534 'post_type' => 'any',535 )536 );537 538 $this->assertSameSets( array( $post_ids['wptests_pt1_p1'], $post_ids['wptests_pt1_p2'], $post_ids['wptests_pt2_p2'] ), wp_list_pluck( $q->posts, 'ID' ) );539 }540 541 /**542 * @ticket 48556543 * @ticket 13509544 */545 public function test_non_singular_queries_using_multiple_post_type_should_respect_post_type_read_private_posts_cap() {546 wp_set_current_user( 0 );547 548 register_post_type(549 'wptests_pt1',550 array(551 'exclude_from_search' => false,552 'capabilities' => array(553 'read_private_posts' => 'read_private_pt1s',554 ),555 )556 );557 558 register_post_type(559 'wptests_pt2',560 array(561 'exclude_from_search' => false,562 )563 );564 565 $post_ids = array();566 567 $post_ids['wptests_pt1_p1'] = $this->factory->post->create(568 array(569 'post_type' => 'wptests_pt1',570 'post_status' => 'private',571 'post_author' => self::$editor_user_id,572 )573 );574 575 $post_ids['wptests_pt1_p2'] = $this->factory->post->create(576 array(577 'post_type' => 'wptests_pt1',578 'post_status' => 'publish',579 'post_author' => self::$editor_user_id,580 )581 );582 583 $post_ids['wptests_pt2_p1'] = $this->factory->post->create(584 array(585 'post_type' => 'wptests_pt2',586 'post_status' => 'private',587 'post_author' => self::$editor_user_id,588 )589 );590 591 $post_ids['wptests_pt2_p2'] = $this->factory->post->create(592 array(593 'post_type' => 'wptests_pt2',594 'post_status' => 'publish',595 'post_author' => self::$editor_user_id,596 )597 );598 599 $q = new WP_Query(600 array(601 'post_type' => 'any',602 )603 );604 605 $this->assertSameSets( array( $post_ids['wptests_pt1_p2'], $post_ids['wptests_pt2_p2'] ), wp_list_pluck( $q->posts, 'ID' ) );606 607 $u = $this->factory->user->create();608 609 wp_set_current_user( self::$subscriber_user_id );610 $GLOBALS['current_user']->add_cap( 'read_private_pt1s' );611 612 $q = new WP_Query(613 array(614 'post_type' => array( 'wptests_pt1', 'wptests_pt2' ),615 )616 );617 618 $this->assertSameSets( array( $post_ids['wptests_pt1_p1'], $post_ids['wptests_pt1_p2'], $post_ids['wptests_pt2_p2'] ), wp_list_pluck( $q->posts, 'ID' ) );619 }620 460 }
Note: See TracChangeset
for help on using the changeset viewer.