WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 13 months ago

#19055 closed enhancement (invalid)

Post type check on top of wp-admin/edit.php enhancement

Reported by: markoheijnen Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords: dev-feedback needs-refresh
Focuses: Cc:

Description

I was looking into edit.php and I noticed that when you unregister post type 'post' on a hacky way it never would return as an invalid post type. I do know that this is just a little step to make unregistering a post type easy.

I would say that:

if ( !isset($_GET['post_type']) )
	$post_type = 'post';
elseif ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

should be:

if ( !isset($_GET['post_type']) )
	$_GET['post_type'] = 'post';

if ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

related: unregister_post_type() #14761

Attachments (2)

19055.diff (805 bytes) - added by kawauso 5 years ago.
Assign to $post_type, then check if valid
19055.2.diff (827 bytes) - added by kawauso 5 years ago.
Restore dropped $_GETpost_type? = $post_type; functionality

Download all attachments as: .zip

Change History (13)

#1 @CoenJacobs
5 years ago

  • Cc coenjacobs@… added

#2 @duck_
5 years ago

A similar change could also be made to the default taxonomy logic in edit-tags.php.

#3 @markoheijnen
5 years ago

Also similar with edit-comments.php. Since that completely rely on posts. When that is gone it will break. Same is with the dashboard widgets.

You almost want to make something which enables developer to have more control about accessing wp-admin files.
Maybe this is a little bit to much since most of it you can control with capabilities.

#4 @nacin
5 years ago

Can we do this without hacking values into $_GET?

@kawauso
5 years ago

Assign to $post_type, then check if valid

#5 follow-up: @kawauso
5 years ago

  • Keywords has-patch added

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

#6 in reply to: ↑ 5 ; follow-up: @CoenJacobs
5 years ago

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

#7 in reply to: ↑ 6 @kawauso
5 years ago

Replying to CoenJacobs:

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

It defaults to it but it's still subject to the same in_array() check as in your proposed fix, so still hits wp_die() if show_ui is false.

@kawauso
5 years ago

Restore dropped $_GETpost_type? = $post_type; functionality

#8 @kawauso
5 years ago

Not sure if the $_GET['post_type'] = $post_type was important or not, so attached second patch restoring it.

#9 @markoheijnen
5 years ago

That is what I ment indeed. Didn't had the time to create a nice patch of it since I was at work.
I like the first patch more. If $_GETpost_type? is used elsewhere it should be changed to $post_type if possible.

#10 @chriscct7
2 years ago

  • Keywords needs-refresh added; has-patch removed

Patches need refresh.

#11 @wonderboymusic
13 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

WP_Screen makes this request obsolete. The check on edit.php has improved as well.

Note: See TracTickets for help on using tickets.