Opened 10 years ago
Last modified 5 months ago
#29999 new defect (bug)
update post overwrites slug if current_user is contributor
Reported by: | jnhghy | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | minor | Version: | 4.0 |
Component: | Posts, Post Types | Keywords: | has-patch dev-feedback |
Focuses: | Cc: |
Description
The wp_update_post function calls wp_insert_post which is located in wp-includes/post.php in posts.php at lines 3168 - 3171 there is this code:
// Don't allow contributors to set the post slug for pending review posts. if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) ) { $post_name = ''; }
this will remove post_name if the current user is a contributor without any message or notification. This creates an issue because scripts/plugins that uses wp_upadate_post usually don't handle this case (the documentation doesn't cover this also - I would update the documentation but I'm wondering if there's no other solution).
I don't see the issues that a contributor changing the slug would create (a contributor vs an editor) anybody does?
Attachments (1)
Change History (21)
#3
@
10 years ago
@jayelebun
Hi, Thank you for your time spent on this.
Here are the steps I'm making to hit this issue:
1) Create post with contributor user and submit it for publish
2) Publish post with admin
3) Draft post with admin
4) Edit post with contributor and change slug, send for review
5) Edit post again with contributor (no slug changing option at this time), send for review again
6) check post with admin, no slug changes will be seen
I haven't tested this with vanilla WP sorry (I'm not familiar with vanila WP, a link? or is it the vanila WP plugin?)
Let me know if you need any other info or if you can confirm this issue.
Thanks
This ticket was mentioned in Slack in #core by jnhghy. View the logs.
10 years ago
#6
@
10 years ago
- Keywords reporter-feedback removed
Also tested with a fresh install of WordPress the issue is still there in wp 4.1.1.
#7
@
10 years ago
I was able to replicate the issue.
29999.patch will allow contributors to edit the slug while a post is waiting for review.
Allowing contributors to edit slugs while a post is pending review also fixes this bug.
I can't see why a contributor should be restricted on changing the slug while the post is waiting for review, since he's allowed to edit it while the post is a Draft.
#9
@
10 years ago
- Type changed from enhancement to defect (bug)
Because of this issue info is lost so I'd leave its status as bug instead of enhancement.
#10
@
10 years ago
- Focuses docs removed
- Keywords has-patch dev-feedback added
- Severity changed from trivial to minor
This ticket was mentioned in Slack in #bbpress by netweb. View the logs.
5 years ago
This ticket was mentioned in Slack in #core-editor by gwwar. View the logs.
4 years ago
#18
@
4 years ago
Is the behavior here expected? From the code comment here, it looks intentional, but it'd be great if we could clarify for folks why we check for this. (For example, is this security related?)
#19
@
9 months ago
The field has been hidden in the block editor in https://github.com/WordPress/gutenberg/pull/46361
However, looking at this again, I am wondering if we should add a filter to allow contributors to edit the slug?
In other words, a filter that allows the conditional to return false
.
Thoughts?
#20
@
5 months ago
I am running into the issue of contributors accidentally resetting a custom slug to the post title when they submit for review (WP 6.6). It looks like it is being addressed in this pull request:
https://github.com/WordPress/gutenberg/pull/46361
But it hasn't been included in WP core yet. Does anyone know of a recommended workaround until it is included?
Hey @jnhghy,
I went through in an attempt to reproduce. Here is a rundown of what I did trying to see if the post slug would disappear or if I would be blocked from updating the post slug as a contributor
Could you provide some more steps on how you're running into this issue? Have you tested this on vanilla WP? For the installation where you're seeing this issue are there any other plugins dealing with permissions?
Thanks!