#13509 closed defect (bug) (fixed)
Searching doesn't return Private results to logged in users with read_private_ permissions
Reported by: | inbytesinc | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 5.7 | Priority: | normal |
Severity: | normal | Version: | 2.9.1 |
Component: | Posts, Post Types | Keywords: | has-patch needs-refresh |
Focuses: | Cc: |
Description
When you do a search with these requirements...
- You are a registered user.
- You are logged in.
- You have read_private_posts permissions.
... you expect seeing in the results those Private posts that contains your query's terms.
But you end up with showing only the ones that belongs to you. I think the bug is in these lines:
if ( is_user_logged_in() ) { $where .= current_user_can( "read_private_{$post_type_cap}s" ) ? " OR $wpdb->posts.post_status = 'private'" : " OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'"; }
As $post_type_cap is set to "any" when you do a search, the conditional expression always fails as it's asking for this:
current_user_can( "read_private_anys" )
... and ends up always in the second part of the conditional expression. That is:
" OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'"
Thanks.
Attachments (1)
Change History (16)
#1
@
14 years ago
- Component changed from Query to Post Types
- Keywords needs-patch added; query search private logged removed
- Milestone changed from Unassigned to 3.0
#5
@
14 years ago
- Milestone changed from Awaiting Triage to Future Release
dd32's change makes sense.
#10
@
4 years ago
While looking into ticket 46968 https://core.trac.wordpress.org/ticket/46968. I encountered the exact issue that @inbytesinc did. I googled "read_private_anys" and got here.
I realised that this is related and that this patch will solve both issues.
Note: See
TracTickets for help on using
tickets.
The only solution to this i can think of is going to be something like the following, the current check for a cap and setting the SQL isnt going to work with custom post_types..
Setting to 3.0 for now, but will need a patch rather soon to get in.