Opened 2 years ago
Last modified 7 weeks ago
#60566 new defect (bug)
Posts Page as Draft remains publicly queryable
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Future Release | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Query | Keywords: | has-patch has-unit-tests |
| Focuses: | Cc: |
Description
When assigning a Posts Page at "WP Admin > Settings > Reading" and afterward setting that page to draft, the page remains publicly queryable. This is possible via the ?page_id= query (not ?p=) and the provisioned slug.
Change History (4)
#2
@
2 years ago
- Component changed from General to Query
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
Can confirm this.
Any non-empty ?page_id= query var will work if the posts page is a draft.
Only when using ?page_id=<id> will the page title also be displayed.
This ticket was mentioned in PR #8919 on WordPress/wordpress-develop by @anukasha.
7 months ago
#3
- Keywords has-patch added; needs-patch removed
Added checks in two places where WordPress determines if a page is the posts page:
- When checking by queried_object_id (used when accessing via permalink)
- When checking by page_id (used when accessing via ID)
In both cases, we now:
- Get the actual post object for the page
- Check if the post exists and is published
- If the post doesn't exist or isn't published, set a 404 and return early
- Otherwise, proceed with setting the page as the posts page
Trac ticket: https://core.trac.wordpress.org/ticket/60566
Note: See
TracTickets for help on using
tickets.
When adding a
preview=true-query, the Posts Page will return a 404 response.