WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#11424 closed defect (bug) (worksforme)

Loops can develop in the post_parent hierarchy

Reported by: mdawaffe Owned by: westi
Milestone: Priority: normal
Severity: normal Version: 2.9
Component: General Keywords: close
Focuses: Cc:

Description

It is possible to use wp_insert_post() to create a loop in the post_parent hierarchy.

E.g.

ID = 1, post_parent = 3
ID = 2, post_parent = 1
ID = 3, post_parent = 2

The admin UI does not present this opportunity, but loops can happen elsewhere (e.g. imports, xmlrpc, etc.).

wp_insert_post() only protects against loops with node length 1 or 2 (a post's post_parent is set to its own ID, or a two posts are parents of one another). Longer loops are not caught.

Attached uses a while loop to find and break any hierarchy loop.

Attachments (1)

11424.diff (1.0 KB) - added by mdawaffe 4 years ago.

Download all attachments as: .zip

Change History (9)

mdawaffe4 years ago

comment:1 mdawaffe4 years ago

This patch only catches loops that would be created by the call to wp_insert_post(). Loops that are already present are not caught (and could cause wp_insert_post() to enter an infinite loop of its own with this patch).

comment:2 westi4 years ago

  • Owner set to westi
  • Status changed from new to accepted

Related tickets: #11018,

comment:3 hakre4 years ago

The underlying datastrcutrure offer loops. I do not think that this is a bug but a feature.

comment:4 hakre4 years ago

Patch file is broken.


In wp_insert_post() there are done some validation checks on post_ID and post_parent. Setting the post's parent to the post itself (Post can't be its own parent) and the parent post post's parent (grandparent) to the the post itself (Check for circular dependency).

Both checks are only half-way implemented because they only work in case that a post is updated and not for creation.

So technically you can create posts will loose their parent on the next update (parent set to 0 on update).

Looks like a concept is missing on post_parent. On a new blog you can create A Post that will have the parent to it's own if you know the next post_ID which is not that hard to guess.

comment:5 hakre4 years ago

As argumented 12 days ago the concept is broken. So close as wontfix?

comment:6 westi4 years ago

  • Milestone changed from 3.0 to 3.1

Move out of 3.0.

Too late to address this now.

comment:7 nacin3 years ago

  • Keywords close added; has-patch needs-testing removed
  • Milestone changed from Awaiting Triage to Awaiting Review

This still an issue in 3.1? I believe this has been handled.

comment:8 nacin3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.