Post type check on top of wp-admin/edit.php enhancement

[markoheijnen]

I was looking into edit.php and I noticed that when you unregister post type 'post' on a hacky way it never would return as an invalid post type. I do know that this is just a little step to make unregistering a post type easy.

I would say that:

if ( !isset($_GET['post_type']) )
	$post_type = 'post';
elseif ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

should be:

if ( !isset($_GET['post_type']) )
	$_GET['post_type'] = 'post';

if ( in_array( $_GET['post_type'], get_post_types( array('show_ui' => true ) ) ) )
	$post_type = $_GET['post_type'];
else
	wp_die( __('Invalid post type') );

related: unregister_post_type() #14761

[duck_]

A similar change could also be made to the default taxonomy logic in edit-tags.php.

[markoheijnen]

Also similar with edit-comments.php. Since that completely rely on posts. When that is gone it will break. Same is with the dashboard widgets.

You almost want to make something which enables developer to have more control about accessing wp-admin files.
Maybe this is a little bit to much since most of it you can control with capabilities.

[nacin]

Can we do this without hacking values into $_GET?

[kawauso]

Assign to $post_type, then check if valid

[kawauso]

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

[CoenJacobs]

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

[kawauso]

Replying to CoenJacobs:

Replying to kawauso:

Attached a patch that condenses it down to just

$post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : 'post';

and checks that instead.

That still defaults to the post type: post. That is exactly what we're trying to get away from.

It defaults to it but it's still subject to the same in_array() check as in your proposed fix, so still hits wp_die() if show_ui is false.

[kawauso]

Restore dropped $_GETpost_type? = $post_type; functionality

[kawauso]

Not sure if the $_GET['post_type'] = $post_type was important or not, so attached second patch restoring it.

[markoheijnen]

That is what I ment indeed. Didn't had the time to create a nice patch of it since I was at work.
I like the first patch more. If $_GETpost_type? is used elsewhere it should be changed to $post_type if possible.

[chriscct7]

Patches need refresh.

[wonderboymusic]

WP_Screen makes this request obsolete. The check on edit.php has improved as well.