Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#16506 closed defect (bug) (fixed)

Links to private posts in the Recent Comments widget return 404 for logged out users

Reported by: designsimply's profile designsimply Owned by:
Milestone: 3.2 Priority: high
Severity: normal Version: 3.0
Component: Widgets Keywords: has-patch 3.2-early
Focuses: Cc:


Expected: links shown in the recent comments widget to work for logged out users.

Observed: links to private posts return 404 for logged out users.

To reproduce:

  1. Open a WordPress blog
  2. Go to Appearance -> Widgets and add the Recent Comments widget
  3. Create two posts and publish them: one private, one password-protected
  4. Leave comments on each post
  5. Go to Comments and make sure the new comments are approved
  6. Clear cache and cookies or use an incognito window to view the blog
  7. Result: Comments for both the password protected and the private post are visible in the Recent Comments widget. Clicking on the comment for the private post results in a 404 error. Clicking on the comment for the password-protected post results in asking for a password.

Tested in WPCOM latest and WPORG [17426].

I think it makes sense to leave comments for password-protected posts in the Recent Comments widget, but removing comments of private posts for users without rights to see them makes sense since they return a 404 otherwise.

Attachments (2)

16506.diff (1.5 KB) - added by nacin 13 years ago.
16506.b.diff (1.8 KB) - added by filosofo 13 years ago.

Download all attachments as: .zip

Change History (11)

#1 @designsimply
13 years ago

  • Cc sheri@… added

#2 @nacin
13 years ago

  • Priority changed from normal to high
  • Severity changed from normal to major
  • Version set to 3.0

Confirmed as a regression from 2.9 to 3.0. Original fix: r12333.

Broken when we went to get_comments().

13 years ago

#3 @nacin
13 years ago

  • Keywords has-patch added; needs-patch removed

Was pretty simple to replicate r12333 in get_comments().

#4 @nacin
13 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release
  • Severity changed from major to normal

Fixed initially in 2.9. Broken come 3.0. Too late for 3.1.

13 years ago

#5 @filosofo
13 years ago

May as well throw a few other fields in there.

Also, should something be done to filter out password-protected posts?

#8 @ryan
13 years ago

  • Milestone changed from Future Release to 3.2

#9 @ryan
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17667]) Allow retrieving comments by post type, status, author, author, name, or parent. Fetch only published posts for recent comments widget. Props filosofo. fixes #16506 #12904

Note: See TracTickets for help on using tickets.