#11236 closed defect (bug) (fixed)
Trashed pages can still be opened when logged in
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 3.0 | Priority: | lowest |
| Severity: | trivial | Version: | 2.9 |
| Component: | Trash | Keywords: | |
| Focuses: | Cc: |
Description
Pages in the trash can still be visited, assuming that you know the URL (eg you bookmarked it before the page was trashed). This should not be possible; a 404 error should be returned.
Change History (13)
#2
@
15 years ago
- Milestone changed from 2.9 to Future Release
- Priority changed from normal to low
- Severity changed from normal to trivial
#3
@
15 years ago
- Summary changed from Trashed pages can still be opened to Trashed pages can still be opened when logged in
#4
follow-up:
↓ 6
@
15 years ago
- Milestone changed from Future Release to 3.0
- Priority changed from low to normal
401 Error might be valid as well (gone). Since trash is a 2.9 feature and it looks like that someone just had forgotten to complete it, it should be fixd in 2.9 as well.
Is there a concept on how to deal with trashed items? I mean this can be the same for trashed pages and/or trashed links, categories etc. pp.. Which items are trashable anyway?
#5
@
15 years ago
Even better: A message could be displayed: This item was trashed. Do you want to undo this / delete forever this ?
#6
in reply to:
↑ 4
;
follow-up:
↓ 7
@
15 years ago
Replying to hakre:
I think you mean 410 Gone. 401 is Unauthorized.
Yes, 410 is a valid response too, and might be better than 404. However, only if the post was previously published.
I don't think the message is a good idea in the frontend.
#7
in reply to:
↑ 6
@
15 years ago
- Milestone 3.0 deleted
- Priority changed from normal to lowest
Replying to caesarsgrunt:
I don't think the message is a good idea in the frontend.
I misread the ticket, I thought this was about the post editor (backend).
Was able to reproduce. Trashed post is accessible as long as still logged in. Not-logged-in users will get a "Sorry, no posts matched your criteria." message (default theme).
The related function have_posts() is returning true even for a trashed page. That function relies on wp_query->get_posts() (query.php line 1564-2387). You must have passed at least the mid-term exam of the WP-Query Sience before you're allowed to write a patch for that 823-lined-function. Because of that I assume this will never get fixed. So I suggest wontfix right away.
#8
@
15 years ago
- Keywords dev-feedback added; needs-patch removed
- Milestone set to Future Release
See also #11546
For front end queries, IMO ideally WP_Query wouldnt return trash posts for privledged accounts. Except looking at this again, Its not included in the results.. Just when queried direectly?
However, There is the possibility that users may want that, for example, take a wiki plugin, trashed posts would want to be available for moderators on the front end.
The question boils down to: Since privledged accounts can see it in the back end, does that mean they should be able to access it on the front end as well? If so, Adding a Trashed: prefix to the title (Like Private and Protected) would be a mid-ground to mention to the users the reasoning.
Milestone: All open tickets need a milestone.
dev-feedback pending on the user experience of trashed posts on the front end?
#9
@
15 years ago
dd32 wrote: Since privledged accounts can see it in the back end,
Inface priviledged accounts can see it in the frontend if they know the URL. just for correctness so that this does not get mixxed.
#10
@
15 years ago
Inface priviledged accounts can see it in the frontend if they know the URL.
Mate.... I think most are quite aware of that given thats what this damn ticket is about? Please read the tickets before commenting, and while i'm at it please dont link every damn ticket to another that mentions a similar word its getting old
Ah. This is only so if the user is logged in, as with Pending/Draft posts. It still shouldn't be visible really, though.