Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#4073 closed enhancement (invalid)

get_posts: add query hooks (but only apply to non-admin user)

Reported by: kevinB Owned by: markjaquith
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: get_posts has-patch
Focuses: Cc:


(Replaces #4070) get_posts exists as an unfiltered, minimal-parsing equivalent to WP_Query->get_posts. A sort of back door, I gather, useful when you need to efficiently retrieve what is actually in the database.

Unfortunately, this back door is a huge liability for plugins which hope to add a custom access control layer via query hooks. It's SO easy for a theme to inadvertently defeat such a system by adding a get_posts call. Yes, a theme is always free to query wpdb directly. I'm just trying to avoid accidental conflicts.

There is at least one example of a theme (Tarski) calling get_posts to list posts in a context that has just as much reason to be filtered as the WP_Query->get_posts output.

The attached patch file is a proposed compromise, much more moderate than my last:

  • rephrase query with LEFT JOIN statements
  • apply join, where, request, results filters only for non-admin current user
  • rewrite include, exclude as IN() clause (could not resist)
  • eliminate old $query construction block (was constructed but not used)
  • add comment questioning why extracted vars are cast to int

The multiple category include/exclude code could be merged in as desired.

If even this patch is too much for 2.2, I would settle for the request and results hooks only.

Attachments (1)

includes~post.php~get_pages_B.diff (5.1 KB) - added by kevinB 11 years ago.
get_posts: add query hooks for ( ! is_admin ); removed comment about (int) cast

Download all attachments as: .zip

Change History (8)

#1 @kevinB
11 years ago

  • Keywords get_posts added

I replaced the patch file with a revision which INNER JOINs post2cat and postmeta. I had them as LEFT JOINs (as in WP_Query), but realized that the existing get_posts code is effectively using INNER JOINs.

On a different topic, why can't WP_Query INNER JOIN post2cat also?

#2 @foolswisdom
11 years ago

  • Keywords has-patch added

#3 @kevinB
11 years ago

Correction: The attached patch applies query filters only for non-admin URIs ( ! is_admin ), not based on current user role as the title and description imply.

Either approach would work for me, though I would feel better about basing it on a current user role / cap.

11 years ago

get_posts: add query hooks for ( ! is_admin ); removed comment about (int) cast

#4 @kevinB
11 years ago

Please disregard my ignorant question about (int) casting the query values. I realize now it's to filter out null or non-numeric arguments.

Also, I'm going to leave this proposed patch with ( ! is_admin() ) as the criteria for applying hooks. In the existing code, I don't find any precedent for requiring the administrator role, and none of the existing caps quite fit.

#5 @kevinB
11 years ago

Re: rob1n comment on #4070 (http://trac.wordpress.org/ticket/4070#comment:4)

I guess it comes down to a documentation issue for theme / plugin developers.

Themes which use get_posts to display "recent posts" sidebars will be incompatible with plugins that do access control by query filtering.

Themes which care to support such plugin functionality should use query_posts instead.

#6 @kevinB
11 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#7 @foolswisdom
11 years ago

  • Milestone 2.2 deleted
Note: See TracTickets for help on using tickets.