Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#54966 new defect (bug)

Inconsistent checking of read permission for singular vs non-singular queries

Reported by: manfcarlo's profile manfcarlo Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords:
Focuses: Cc:


Apologies if this has already been reported, as I wasn't sure exactly what to search for, but I expect it's a very old behaviour.

When performing a singular query, the read_post meta capability is checked and the post not returned if the user is not allowed to read it.

The same does not happen for non-singular queries. Instead, a primitive capability is checked, which may not always yield an accurate result if the post type is using some non-standard capability mapping.

It would be good if read_post could be checked individually on each of the posts being returned.

Change History (1)

#1 @dlh
2 years ago

  • Component changed from General to Role/Capability

Related: #38276, particularly ticket:38276#comment:7.

Note: See TracTickets for help on using tickets.