WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 10 months ago

#19055 new enhancement

Post type check on top of wp-admin/edit.php enhancement

Reported by: markoheijnen Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords: dev-feedback needs-refresh
Focuses: Cc:

Description

I was looking into edit.php and I noticed that when you unregister post type 'post' on a hacky way it never would return as an invalid post type. I do know that this is just a little step to make unregistering a post type easy.

I would say that:

if ( !isset($_GET['post_type']) )
	$post_type = 'post';
elseif ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

should be:

if ( !isset($_GET['post_type']) )
	$_GET['post_type'] = 'post';

if ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

related: unregister_post_type() #14761

Attachments (2)

19055.diff (805 bytes) - added by kawauso 4 years ago.
Assign to $post_type, then check if valid
19055.2.diff (827 bytes) - added by kawauso 4 years ago.
Restore dropped $_GETpost_type? = $post_type; functionality

Download all attachments as: .zip

Change History (12)

comment:1 @CoenJacobs4 years ago

  • Cc coenjacobs@… added

comment:2 @duck_4 years ago

A similar change could also be made to the default taxonomy logic in edit-tags.php.

comment:3 @markoheijnen4 years ago

Also similar with edit-comments.php. Since that completely rely on posts. When that is gone it will break. Same is with the dashboard widgets.

You almost want to make something which enables developer to have more control about accessing wp-admin files.
Maybe this is a little bit to much since most of it you can control with capabilities.

comment:4 @nacin4 years ago

Can we do this without hacking values into $_GET?

@kawauso4 years ago

Assign to $post_type, then check if valid

comment:5 follow-up: @kawauso4 years ago

  • Keywords has-patch added

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

comment:6 in reply to: ↑ 5 ; follow-up: @CoenJacobs4 years ago

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

comment:7 in reply to: ↑ 6 @kawauso4 years ago

Replying to CoenJacobs:

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

It defaults to it but it's still subject to the same in_array() check as in your proposed fix, so still hits wp_die() if show_ui is false.

@kawauso4 years ago

Restore dropped $_GETpost_type? = $post_type; functionality

comment:8 @kawauso4 years ago

Not sure if the $_GET['post_type'] = $post_type was important or not, so attached second patch restoring it.

comment:9 @markoheijnen4 years ago

That is what I ment indeed. Didn't had the time to create a nice patch of it since I was at work.
I like the first patch more. If $_GETpost_type? is used elsewhere it should be changed to $post_type if possible.

comment:10 @chriscct710 months ago

  • Keywords needs-refresh added; has-patch removed

Patches need refresh.

Note: See TracTickets for help on using tickets.