Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#16506 closed defect (bug) (fixed)

Links to private posts in the Recent Comments widget return 404 for logged out users

Reported by: designsimply Owned by:
Milestone: 3.2 Priority: high
Severity: normal Version: 3.0
Component: Widgets Keywords: has-patch 3.2-early
Focuses: Cc:


Expected: links shown in the recent comments widget to work for logged out users.

Observed: links to private posts return 404 for logged out users.

To reproduce:

  1. Open a WordPress blog
  2. Go to Appearance -> Widgets and add the Recent Comments widget
  3. Create two posts and publish them: one private, one password-protected
  4. Leave comments on each post
  5. Go to Comments and make sure the new comments are approved
  6. Clear cache and cookies or use an incognito window to view the blog
  7. Result: Comments for both the password protected and the private post are visible in the Recent Comments widget. Clicking on the comment for the private post results in a 404 error. Clicking on the comment for the password-protected post results in asking for a password.

Tested in WPCOM latest and WPORG [17426].

I think it makes sense to leave comments for password-protected posts in the Recent Comments widget, but removing comments of private posts for users without rights to see them makes sense since they return a 404 otherwise.

Attachments (2)

16506.diff (1.5 KB) - added by nacin 3 years ago.
16506.b.diff (1.8 KB) - added by filosofo 3 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 designsimply3 years ago

  • Cc sheri@… added

comment:2 nacin3 years ago

  • Priority changed from normal to high
  • Severity changed from normal to major
  • Version set to 3.0

Confirmed as a regression from 2.9 to 3.0. Original fix: r12333.

Broken when we went to get_comments().

nacin3 years ago

comment:3 nacin3 years ago

  • Keywords has-patch added; needs-patch removed

Was pretty simple to replicate r12333 in get_comments().

comment:4 nacin3 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release
  • Severity changed from major to normal

Fixed initially in 2.9. Broken come 3.0. Too late for 3.1.

filosofo3 years ago

comment:5 filosofo3 years ago

May as well throw a few other fields in there.

Also, should something be done to filter out password-protected posts?

comment:6 filosofo3 years ago

Related: #15555

comment:8 ryan3 years ago

  • Milestone changed from Future Release to 3.2

comment:9 ryan3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17667]) Allow retrieving comments by post type, status, author, author, name, or parent. Fetch only published posts for recent comments widget. Props filosofo. fixes #16506 #12904

Note: See TracTickets for help on using tickets.