Make WordPress Core

Opened 6 years ago

Closed 5 years ago

#11424 closed defect (bug) (worksforme)

Loops can develop in the post_parent hierarchy

Reported by: mdawaffe Owned by: westi
Milestone: Priority: normal
Severity: normal Version: 2.9
Component: General Keywords: close
Focuses: Cc:


It is possible to use wp_insert_post() to create a loop in the post_parent hierarchy.


ID = 1, post_parent = 3
ID = 2, post_parent = 1
ID = 3, post_parent = 2

The admin UI does not present this opportunity, but loops can happen elsewhere (e.g. imports, xmlrpc, etc.).

wp_insert_post() only protects against loops with node length 1 or 2 (a post's post_parent is set to its own ID, or two posts are parents of one another). Longer loops are not caught.

Attached uses a while loop to find and break any hierarchy loop.

Attachments (1)

11424.diff (1.0 KB) - added by mdawaffe 6 years ago.


Change History (9)

#1 @mdawaffe
6 years ago

This patch only catches loops that would be created by the call to wp_insert_post(). Loops that are already present are not caught (and could cause wp_insert_post() to enter an infinite loop of its own with this patch).
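The check discussed in the description and in comment #1, as an added example that is not part of the original ticket or its patch: a parent-chain walk that reports a loop the assignment would create and also terminates when a loop already exists in the stored data. The function name `check_parent_assignment()` and the ID => post_parent array are assumptions made for illustration; no WordPress API is called.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.
// $parents maps post ID => post_parent (0 means "no parent").

/**
 * Report what happens if $post_id is given $new_parent as its parent.
 * Returns ['status' => 'ok' | 'new_loop' | 'existing_loop', 'path' => int[]].
 */
function check_parent_assignment(array $parents, int $post_id, int $new_parent): array
{
    $path    = [$post_id];
    $seen    = [];
    $current = $new_parent;

    while ($current !== 0) {
        $path[] = $current;
        if ($current === $post_id) {
            // The chain leads back to the post being saved: any loop length.
            return ['status' => 'new_loop', 'path' => $path];
        }
        if (isset($seen[$current])) {
            // A loop that is already stored; stop instead of spinning forever.
            return ['status' => 'existing_loop', 'path' => $path];
        }
        if (!array_key_exists($current, $parents)) {
            break; // dangling parent ID, chain ends here
        }
        $seen[$current] = true;
        $current = (int) $parents[$current];
    }
    return ['status' => 'ok', 'path' => $path];
}

// Constructed sample data, following the IDs used in the ticket description.
$clean = [1 => 0, 2 => 1, 3 => 2];          // 3 -> 2 -> 1 -> (none)
$r = check_parent_assignment($clean, 1, 3); // would close the 3-node loop
echo $r['status'], ': ', implode(' -> ', $r['path']), PHP_EOL;

$looped = [1 => 3, 2 => 1, 3 => 2, 4 => 0]; // loop already in the data
$r = check_parent_assignment($looped, 4, 1);
echo $r['status'], ': ', implode(' -> ', $r['path']), PHP_EOL;

$r = check_parent_assignment($clean, 3, 1); // harmless re-parenting
echo $r['status'], ': ', implode(' -> ', $r['path']), PHP_EOL;
```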

#2 @westi
6 years ago

  • Owner set to westi
  • Status changed from new to accepted

Related tickets: #11018,

#3 @hakre
6 years ago

The underlying data structure offers loops. I do not think that this is a bug but a feature.

#4 @hakre
6 years ago

Patch file is broken.

In wp_insert_post() some validation checks are done on post_ID and post_parent: setting the post's parent to the post itself (Post can't be its own parent) and the parent post's parent (grandparent) to the post itself (Check for circular dependency).

Both checks are only half-way implemented because they only work in case that a post is updated and not for creation.

So technically you can create posts that will lose their parent on the next update (parent set to 0 on update).

Looks like a concept is missing on post_parent. On a new blog you can create a post that will have the parent to its own if you know the next post_ID, which is not that hard to guess.

#5 @hakre
6 years ago

As argued 12 days ago, the concept is broken. So close as wontfix?

#6 @westi
6 years ago

  • Milestone changed from 3.0 to 3.1

Move out of 3.0.

Too late to address this now.

#7 @nacin
5 years ago

  • Keywords close added; has-patch needs-testing removed
  • Milestone changed from Awaiting Triage to Awaiting Review

Is this still an issue in 3.1? I believe this has been handled.

#8 @nacin
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from accepted to closed