WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 5 years ago

Last modified 5 years ago

#20662 closed defect (bug) (fixed)

private post can be sticky via quickedit

Reported by: maxemil Owned by: wonderboymusic
Milestone: 4.3 Priority: normal
Severity: normal Version: 3.4
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

While preparing translations to 3.4 I came across

http://core.trac.wordpress.org/browser/trunk/wp-includes/class-wp-xmlrpc-server.php#L908

This indicates that a private post cannot be marked as sticky.

  • however it is quite possible to mark a private post as sticky while using quickedit.

Solution proposal, remove sticky tickbox on quickedit if post is private.
Or if this is only related to the XMLRPC, fix the returnmessage to a warning "a private post will only be visible to you, so sticky might not make any sense".

I'm thinking.. "either its possible or its not, the logic should be the same"

Attachments (6)

20662.patch (834 bytes) - added by chriscct7 5 years ago.
20662.2.patch (840 bytes) - added by chriscct7 5 years ago.
20662.diff (1.0 KB) - added by wonderboymusic 5 years ago.
20662.2.diff (3.4 KB) - added by wonderboymusic 5 years ago.
20662.3.diff (694 bytes) - added by obenland 5 years ago.
20662.4.diff (1.7 KB) - added by ocean90 5 years ago.

Download all attachments as: .zip

Change History (35)

#1 @markoheijnen
8 years ago

  • Keywords dev-feedback added
  • Severity changed from trivial to normal

yes, the logic should be the same. Added dev-feedback to define that the right way is for handling sticky posts.

Wonder if private isn't allowed we should add the check into stick_post().

#2 @chriscct7
5 years ago

  • Keywords needs-patch good-first-bug added
  • Type changed from enhancement to defect (bug)

This is a bug because mw_newPost's logic in that file allows a sticky post to be a private post whereas mw_editPost and _insert_post do not

@chriscct7
5 years ago

#3 @chriscct7
5 years ago

  • Keywords needs-patch good-first-bug removed
  • Milestone changed from Awaiting Review to 4.3
  • Owner set to chriscct7
  • Status changed from new to accepted

#4 @chriscct7
5 years ago

  • Keywords has-patch added

@chriscct7
5 years ago

#5 @chriscct7
5 years ago

Apparently postdata doesn't contain sticky. content_struct does. Patch 2 fixes this.

#6 @chriscct7
5 years ago

  • Keywords needs-testing added; dev-feedback removed

#7 @obenland
5 years ago

If we add it inside the if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) { check, we can remove the sticky check.

@wonderboymusic
5 years ago

#9 @obenland
5 years ago

@wonderboymusic, there is a similar check further up in the file, doing an edit_others_posts cap verification. Should we do that here too? Might be worth making both checks work the same, what do you think?

#10 @wonderboymusic
5 years ago

20662.2.diff adds a helper that can be used in all 3 places where a post can be stuck

#11 @obenland
5 years ago

Looks good. Not sure how to test it but it looks good.

@obenland
5 years ago

#12 @obenland
5 years ago

20662.3.diff fixes the bug for quick edit.

@wonderboymusic, your patch should go in as well, do you know of a good way for me to test it?

#13 @obenland
5 years ago

  • Owner changed from chriscct7 to wonderboymusic
  • Status changed from accepted to assigned

#14 @wonderboymusic
5 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 33325:

Ensure that private posts cannot be made sticky via Quick Edit.
DRY the logic for stickies in wp_xmlrpc_server by introducing ->_toggle_sticky().

Props wonderboymusic, obenland, chriscct7.
Fixes #20662.

#15 @DrewAPicture
5 years ago

  • Keywords needs-docs added
  • Resolution fixed deleted
  • Status changed from closed to reopened

The DocBlock for _toggle_sticky() is incomplete. At the very least, we need a summary describing what purpose the function serves. Adding description for why it's private is also a good idea.

#16 @chriscct7
5 years ago

  • Keywords has-patch needs-testing removed

This ticket was mentioned in Slack in #core by obenland. View the logs.


5 years ago

#18 @wonderboymusic
5 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33343:

After [33325], add a doc summary.

Fixes #20662.

@ocean90
5 years ago

#19 @ocean90
5 years ago

  • Keywords has-patch added; needs-docs removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

How could this land without any unit tests?

wp_xmlrpc_server::mw_editPost() fails making a post sticky becaue of the missing post_type, see 20662.4.diff.

#20 @obenland
5 years ago

@wonderboymusic, can you take a look when you get a chance?

#21 @wonderboymusic
5 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33612:

After [33325], supply a missing post_type in ->mw_editPost().

Add unit test.

Props ocean90.
Fixes #20662.

#22 @ocean90
5 years ago

In 34135:

XMLRPC: Don't allow private posts to be sticky.

See #20662.

#23 @ocean90
5 years ago

In 34151:

XMLRPC: Don't allow private posts to be sticky.

Merge of [34135] to the 4.3 branch.

See #20662.

#24 @ocean90
5 years ago

In 34152:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 4.2 branch.

See #20662.

#25 @ocean90
5 years ago

In 34153:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 4.1 branch.

See #20662.

#26 @ocean90
5 years ago

In 34154:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 4.0 branch.

See #20662.

#27 @ocean90
5 years ago

In 34155:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 3.9 branch.

See #20662.

#28 @ocean90
5 years ago

In 34156:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 3.8 branch.

See #20662.

#29 @ocean90
5 years ago

In 34157:

XMLRPC: Don't allow private posts to be sticky.

Merge of [33325], [33612], and [34135] to the 3.7 branch.

See #20662.

Note: See TracTickets for help on using tickets.