WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#20350 closed defect (bug) (wontfix)

get_page_by_title() query can return unpublished page or page revision

Reported by: wpdavis Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch close
Focuses: Cc:

Description

The query in get_page_by_title() doesn't check for post status in the query and therefore can return an unpublished page or a revision of a page.

Attachments (1)

post.diff (669 bytes) - added by wpdavis 3 years ago.

Download all attachments as: .zip

Change History (12)

@wpdavis3 years ago

comment:1 @scribu3 years ago

  • Keywords close added

get_page_by_title() is not used anywhere in Core and should be deprecated, IMO.

If you want to check the status directly through SQL, use get_posts().

comment:2 @scribu3 years ago

Nevermind get_posts(); it doesn't support querying by title, since it's a bad idea. That's why get_page_by_title() isn't used anymore.

comment:3 @wpdavis3 years ago

  • Keywords close removed

It's a bad idea but it still serves a purpose and a quick search of the plugins directory shows 830 uses, so it's not going to be deprecated any time soon. I would recommend applying the patch until deprecation is a more goal.

Version 0, edited 3 years ago by wpdavis (next)

comment:4 @nacin3 years ago

get_page_by_title() can't return a revision; it does limit things by post type.

Not sure if it makes sense to completely limit this to publish only. I imagine you could then just check the post status of whatever you returned. Obviously, that would not help in the case where two posts could return the same result, but it's a lame function for that already (two posts both published would still only give you one).

comment:5 follow-up: @wpdavis3 years ago

Revisions are filtered out by post_status (inherit), not post_type, which remains the post type of the parent.

There could be another var for post_status that could be a string or an array that would default to publish, if that would make you more comfortable.

comment:6 in reply to: ↑ 5 @duck_3 years ago

Replying to wpdavis:

Revisions are filtered out by post_status (inherit), not post_type, which remains the post type of the parent.

Revisions are a separate post type.

I am also not in favour of just returning published items by default. Such a change could possibly break those using the function who expect back posts with a status other than publish.

comment:7 @scribu3 years ago

There could be another var for post_status that could be a string or an array that would default to publish, if that would make you more comfortable.

Why don't we just re-implement all the parameters in WP_Query then?

comment:8 @wpdavis3 years ago

@duck_ and @nacin:
Hate to argue with you guys, but the revisions are most definitely not a separate post type, unless something is seriously wrong with all my WordPress installs. They are set using the inherit post status.

Here is the result of the query that we're seeing on our WordPress install. As you can see the two results returned are a published page and a revision for that same page. This tracks for all revisions on our install, as far as I can tell.

1064506 inherit page Video 1064504-revision-2

1064504 publish page Video video

As to the question of whether to make publish the default, I'm fine if it isn't but I think at the very least nonpublic post statuses should be filtered out by default.

Last edited 3 years ago by wpdavis (previous) (diff)

comment:9 @wpdavis3 years ago

OK, nevermind, it seems that there are some revisions that are classified as post type revision, but there are also a lot that are post type of the original post and then are just post status inherit. This might be a separate bug.

comment:10 @wpdavis3 years ago

  • Keywords close added

Bah, think I found it. There was a small bug in JJJ's post type switcher plugin. Sorry for clogging up Trac with non-core bugs, guys.

Suggesting this is set to close since the function doesn't expose revisions as I thought, though I'd still be happy to work on a new version of the function if you guys would like.

comment:11 @scribu3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.