WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 4 years ago

#5608 closed defect (bug) (invalid)

Future Private Post is immediately visible

Reported by: mattyrob Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3.2
Component: Administration Keywords:
Focuses: Cc:

Description

If you create a Private Post and edit the time stamp to a date in the future the post still becomes immediately visible to registered users.

The database holds a post_status of private rather than future. Surely it should be future and be pushed through a transition hook along the lines of future_to_private.

Change History (12)

comment:1 follow-up: ffemtcj6 years ago

  • Keywords reporter-feedback added; future private post removed

Does this still happen with the trunk version of 2.5?

comment:2 in reply to: ↑ 1 jgmurray6 years ago

Replying to ffemtcj:

Does this still happen with the trunk version of 2.5?

Still happening in Trunk (8029)

comment:3 follow-up: MattyRob6 years ago

Can I propose 2 potential fixes for this:

1/ Add a date parameter into the get_posts function to ensure future posts are not displayed based on time rather than post_status being future

2/ Introduce a new post_status of 'future_private'

It is still affecting (8226)

comment:4 in reply to: ↑ 3 ; follow-up: Otto426 years ago

Replying to MattyRob:

Can I propose 2 potential fixes for this:

1/ Add a date parameter into the get_posts function to ensure future posts are not displayed based on time rather than post_status being future

2/ Introduce a new post_status of 'future_private'

It is still affecting (8226)

Seems like a lot of trouble to go to. I think it's simpler than that.

The post_status should be set to "future", but the cron job that is scheduled should a parameter indicating the private status of the post. The publish_future_post hook will pass this along to whatever function is publishing it, and then the post will get changed to private, along with all the future_to_private hooks getting run and such.

Posts are published by the cron job. That's what future means. If we have the job itself send along how to publish the post, then it will take care of it for you.

comment:5 in reply to: ↑ 4 MattyRob6 years ago

Replying to Otto42:

Seems like a lot of trouble to go to. I think it's simpler than that.

The post_status should be set to "future", but the cron job that is scheduled should a parameter indicating the private status of the post. The publish_future_post hook will pass this along to whatever function is publishing it, and then the post will get changed to private, along with all the future_to_private hooks getting run and such.

Posts are published by the cron job. That's what future means. If we have the job itself send along how to publish the post, then it will take care of it for you.

This seems a better way - in the WordPress tables we can set post_status as future and set post_type as private (currently thought post_type is only 'post' or 'page'.

Then in the transitions looking at 'future' posts we can future_to_publish if it a post or page and future_to_private if its a private.

How does that sound?

comment:6 MattyRob6 years ago

  • Milestone changed from 2.6 to 2.7
  • Priority changed from low to normal

Actually my suggestion above won't work because you can have a Private Post and a Private Page, my suggestion above would not differentiate between a Page and Post.

This is going to need some more thought and perhaps some changes in the core tables.

So, up the priority and bump to 2.7 - won't be fixed in 4 days :(

comment:7 westi6 years ago

  • Keywords needs-patch added
  • Milestone changed from 2.7 to 2.8

comment:8 x11tech5 years ago

Recommendation:

  1. Add new status: future_private for private, scheduled posts/pages (original idea attrib to MattyRob)
  1. Add language support to manage_posts form (/wp-admin/edit.php) and edit_post form (/wp-admin/post.php). For example "Scheduled (Private)"
  1. In function wp_insert_post check for private status, and if the date is in the future, then set $post_status = 'future_private'
  1. In function check_and_publish_future_post, check if $post->post_status = 'future_private' as follows:

Replace

	if ( 'future' != $post->post_status )
		return;

	return wp_publish_post($post_id);

With

	if ( 'future' == $post->post_status || 'future_private' == $post->post_status )
		return wp_publish_post($post_id);

	return;

This approach does the following:

  1. Addresses need for scheduling private posts/pages
  1. Provides a way to differentiate between future public and future private
  1. Remains backward compatible with existing future public method (publish_future_post hook)
  1. Omits the need to add an additional field to be processed (no new variables to manage)
  1. Simplifies conversion of private published content to private future content (If you publish private content, it's post_status private. If you change the date to be in the future, then it auto converts private to future_private). wp_insert_post is called regardless of whether we're creating a new post or updating an old post.

comment:9 follow-up: FFEMTcJ5 years ago

  • Resolution set to invalid
  • Status changed from new to closed

There is no such thing as a private unpublished post. This is not a bug and could maybe be considered a feature request. See also #9136 for additional explanation.

comment:10 mrmist5 years ago

  • Keywords reporter-feedback needs-patch removed
  • Milestone 2.8 deleted

comment:11 in reply to: ↑ 9 mattyrob5 years ago

Replying to FFEMTcJ:

There is no such thing as a private unpublished post. This is not a bug and could maybe be considered a feature request. See also #9136 for additional explanation.

Well, I'm glad that only took 13 months to clarify!

Incidentally, the WordPress codex intimates that Private Pages are only "viewable only to you"- this is not the case, they are viewable to all admin level users.

comment:12 voyagerfan57614 years ago

  • Cc WordPress@… added
Note: See TracTickets for help on using tickets.