Opened 13 years ago
Last modified 5 years ago
#19415 new defect (bug)
wp_nav_menu showing private/conctepts posts without rights
Reported by: | thomask | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 3.0 |
Component: | Menus | Keywords: | has-patch |
Focuses: | Cc: |
Description
when you are using wordpress menus and you got your post/page in a menu (e.g. using Automatically add new top-level pages) and then change the post/page to concept or set it private, the link to post/page stays in the menu for all users, what may have some negative security concerns
this error in all versions, including todays nightly
IMO it should show only visible posts (if someone disagrees and need it for some backward compatibility, there may be some parameter, but imo hidding private/concept should be default)
Attachments (1)
Change History (6)
#3
@
12 years ago
- Cc lmoffereins@… added
Isn't this easy to fix with a filter on wp_nav_menu_objects
checking the readability of the object (if post or cpt) for the current user and handling the array accordingly? Or does this need a check before that on querying the DB?
Anyways, can someone tell if this is looked at ever since reporting?