Opened 4 years ago
Last modified 4 years ago
#51651 new defect (bug)
The `read_post` meta capability returns an incorrect result for the inherit post status.
Reported by: | peterwilsoncc | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 3.4 |
Component: | Role/Capability | Keywords: | |
Focuses: | Cc: |
Description
When an attachment is uploaded via an edit post screen, it is given the inherit post status to determine whether it is published, private, etc.
The key definition within the post object are as follows:
post_type: attachment post_status: inherit post_parent: 1
The inherit
post status is registered as internal
, and is therefore not considered public
.
As the read_post
meta capability gets the post status object without checking if it is inherited, it returns the incorrect result for logged in users able to read the post:
<?php // $post: attachment attached to a post/page. $status_obj = get_post_status_object( $post->post_status /* 'inherit' */ );
To correctly determine if a user can read the post, the post status string ought to use get_post_status()
:
<?php // $post: attachment attached to a post/page. $status_obj = get_post_status_object( get_post_status( $post ) );
This potentially applies to other meta capabilities too.
Note: See
TracTickets for help on using
tickets.
[50132] fixed this for
read_post
but this bug does indeed apply to other meta caps in some circumstances.