#4073 closed enhancement (invalid)
get_posts: add query hooks (but only apply to non-admin user)
Reported by: | kevinB | Owned by: | markjaquith |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | get_posts has-patch |
Focuses: | Cc: |
Description
(Replaces #4070)
get_posts exists as an unfiltered, minimal-parsing equivalent to WP_Query->get_posts. A sort of back door, I gather, useful when you need to efficiently retrieve what is actually in the database.
Unfortunately, this back door is a huge liability for plugins which hope to add a custom access control layer via query hooks. It's SO easy for a theme to inadvertently defeat such a system by adding a get_posts call. Yes, a theme is always free to query wpdb directly. I'm just trying to avoid accidental conflicts.
There is at least one example of a theme (Tarski) calling get_posts to list posts in a context that has just as much reason to be filtered as the WP_Query->get_posts output.
The attached patch file is a proposed compromise, much more moderate than my last:
- rephrase query with LEFT JOIN statements
- apply join, where, request, results filters only for non-admin current user
- rewrite include, exclude as IN() clause (could not resist)
- eliminate old $query construction block (was constructed but not used)
- add comment questioning why extracted vars are cast to int
The multiple category include/exclude code could be merged in as desired.
If even this patch is too much for 2.2, I would settle for the request and results hooks only.
Attachments (1)
Change History (8)
#3
@
17 years ago
Correction: The attached patch applies query filters only for non-admin URIs ( ! is_admin ), not based on current user role as the title and description imply.
Either approach would work for me, though I would feel better about basing it on a current user role / cap.
#4
@
17 years ago
Please disregard my ignorant question about (int) casting the query values. I realize now it's to filter out null or non-numeric arguments.
Also, I'm going to leave this proposed patch with ( ! is_admin() ) as the criteria for applying hooks. In the existing code, I don't find any precedent for requiring the administrator role, and none of the existing caps quite fit.
#5
@
17 years ago
Re: rob1n comment on #4070 (http://trac.wordpress.org/ticket/4070#comment:4)
I guess it comes down to a documentation issue for theme / plugin developers.
Themes which use get_posts to display "recent posts" sidebars will be incompatible with plugins that do access control by query filtering.
Themes which care to support such plugin functionality should use query_posts instead.
I replaced the patch file with a revision which INNER JOINs post2cat and postmeta. I had them as LEFT JOINs (as in WP_Query), but realized that the existing get_posts code is effectively using INNER JOINs.
On a different topic, why can't WP_Query INNER JOIN post2cat also?