#36379 closed defect (bug) (fixed)
Saving post can remove its hierarchical terms if user cannot 'assign_terms'
Reported by: | dlh | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 4.5.3 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Taxonomy | Keywords: | fixed-major |
Focuses: | administration | Cc: |
Description
If a user lacks the assign_terms
capability for a hierarchical taxonomy, and the user visits the edit-post screen or uses Quick Edit, the default UI still displays the checklist of terms for that taxonomy but with each input disabled.
However, disabled checkboxes are not submitted with forms. If terms in the taxonomy are selected for the post and the user saves it, 0
is submitted instead of those terms, and the relationships are lost.
To replicate:
- Create a post as an administrator, assign it categories, and save.
- Remove your ability to assign terms:
add_filter( 'register_taxonomy_args', function ( $args ) { $args['capabilities']['assign_terms'] = 'do_not_allow'; return $args; } );
- Go to the edit-post screen for your post. The category checklist appears with your saved terms still checked, but the inputs are disabled.
- Save the post. Now, only the default category is assigned.
The attached patch is the start of one potential solution: Outputting hidden fields in Walker_Category_Checklist::start_el()
to match disabled, checked ones. Something similar would have to happen for Quick Edit.
But there are other approaches, and I might be misdiagnosing the issue, so I thought I would wait for more discussion before attempting to patch further.
Attachments (1)
Change History (18)
#1
@
9 years ago
- Component changed from Administration to Taxonomy
- Keywords 4.6-early needs-patch added
- Milestone changed from Awaiting Review to Future Release
#2
@
9 years ago
I think the solution here is to not output the hidden post_category[]
(or tax_input[$tax]
) input, which is in place so saving of the terms is triggered when no checkboxes are selected.
Refs (there may be more):
#3
@
9 years ago
Thanks @boonebgorges and @johnbillion.
As I understand them, your suggestions aren't mutually exclusive. Adding the capability check seems like it would be worth considering independently of this particular ticket, even.
Unless one of you or someone else has a preference about it, I can work on patches for both approaches.
#5
@
8 years ago
- Keywords 4.6-early needs-patch removed
- Milestone changed from Future Release to 4.6
- Owner set to boonebgorges
- Status changed from new to assigned
#7
@
8 years ago
- Keywords fixed-major added
- Milestone changed from 4.6 to 4.5.3
- Resolution fixed deleted
- Status changed from closed to reopened
Oof, good find, @dlh.
A more appropriate approach, I think, is to do an 'assign_terms' cap check before saving term data on the post. (The hidden input field trick can be bypassed by manipulating the DOM.)