get_posts: add query hooks (but only apply to non-admin user)
Reported by: kevinB | Owned by: markjaquith
get_posts exists as an unfiltered, minimal-parsing equivalent to WP_Query->get_posts. A sort of back door, I gather, useful when you need to efficiently retrieve what is actually in the database.
Unfortunately, this back door is a huge liability for plugins which hope to add a custom access control layer via query hooks. It's SO easy for a theme to inadvertently defeat such a system by adding a get_posts call. Yes, a theme is always free to query wpdb directly. I'm just trying to avoid accidental conflicts.
There is at least one example of a theme (Tarski) calling get_posts to list posts in a context that has just as much reason to be filtered as the WP_Query->get_posts output.
The attached patch file is a proposed compromise, much more moderate than my last:
- rephrase query with LEFT JOIN statements
- apply join, where, request, results filters only for non-admin current user
- rewrite include, exclude as IN() clause (could not resist)
- eliminate old $query construction block (was constructed but not used)
- add comment questioning why extracted vars are cast to int
The multiple category include/exclude code could be merged in as desired.
If even this patch is too much for 2.2, I would settle for the request and results hooks only.
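The following is an added example, not the attached patch or WordPress code: it shows the kind of plugin-side access control layer the ticket has in mind, attached to the `posts_join`, `posts_where` and `posts_results` filters that `WP_Query->get_posts` runs, and gated so that admin-level users bypass it (the ticket's "non-admin current user" rule). The postmeta key `_example_restricted` and the `manage_options` capability check are assumptions chosen for illustration. As long as the standalone `get_posts()` function applies none of these hooks, a theme that calls it sees the unfiltered rows, which is exactly the conflict the ticket describes.

```php
<?php
// Added example: plugin-side access control via the WP_Query filter hooks.
// Assumption: posts carrying the postmeta key '_example_restricted' may only
// be seen by users who have the 'manage_options' capability.

function example_acl_is_privileged() {
    // Hooks below are no-ops for admin-level users, matching the ticket's
    // "apply join/where/request/results filters only for non-admin" rule.
    return current_user_can( 'manage_options' );
}

function example_acl_posts_join( $join ) {
    global $wpdb;
    if ( example_acl_is_privileged() ) {
        return $join;
    }
    // LEFT JOIN keeps posts that have no marker row at all (they stay visible).
    $join .= " LEFT JOIN {$wpdb->postmeta} AS acl_meta"
           . " ON acl_meta.post_id = {$wpdb->posts}.ID"
           . " AND acl_meta.meta_key = '_example_restricted'";
    return $join;
}

function example_acl_posts_where( $where ) {
    if ( example_acl_is_privileged() ) {
        return $where;
    }
    // For non-admins only rows without the restriction marker survive.
    $where .= ' AND acl_meta.meta_value IS NULL';
    return $where;
}

function example_acl_posts_results( $posts ) {
    // Second line of defence on the fetched rows: drops anything the SQL
    // layer let through, e.g. if another plugin rewrote the WHERE clause
    // after this one ran.
    if ( example_acl_is_privileged() ) {
        return $posts;
    }
    foreach ( $posts as $i => $post ) {
        if ( get_post_meta( $post->ID, '_example_restricted', true ) ) {
            unset( $posts[ $i ] );
        }
    }
    return array_values( $posts );
}

add_filter( 'posts_join',    'example_acl_posts_join' );
add_filter( 'posts_where',   'example_acl_posts_where' );
add_filter( 'posts_results', 'example_acl_posts_results' );

// Builds the IN() clause the ticket proposes for include/exclude lists,
// casting every id to int so the list is safe to interpolate into SQL.
function example_in_clause( $ids, $exclude = false ) {
    global $wpdb;
    $ids = array_filter( array_map( 'intval', (array) $ids ) );
    if ( empty( $ids ) ) {
        return '';
    }
    $op = $exclude ? 'NOT IN' : 'IN';
    return " AND {$wpdb->posts}.ID {$op} (" . implode( ',', $ids ) . ')';
}
```

The `posts_results` hook repeats the restriction check in PHP on purpose: filters on the generated SQL are only as reliable as the other plugins that run after them, so a result-level check is the one that still holds when the query string has been rewritten.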