Opened 3 years ago
Last modified 3 years ago
#54966 new defect (bug)
Inconsistent checking of read permission for singular vs non-singular queries
Reported by: | manfcarlo | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Role/Capability | Keywords: | |
Focuses: | Cc: |
Description
Apologies if this has already been reported, as I wasn't sure exactly what to search for, but I expect it's a very old behaviour.
When performing a singular query, the read_post
meta capability is checked and the post not returned if the user is not allowed to read it.
The same does not happen for non-singular queries. Instead, a primitive capability is checked, which may not always yield an accurate result if the post type is using some non-standard capability mapping.
It would be good if read_post
could be checked individually on each of the posts being returned.
Note: See
TracTickets for help on using
tickets.
Related: #38276, particularly ticket:38276#comment:7.