get_posts: add query hooks (but only apply to non-admin user)

[kevinB]

(Replaces #4070)
get_posts exists as an unfiltered, minimal-parsing equivalent to WP_Query->get_posts. A sort of back door, I gather, useful when you need to efficiently retrieve what is actually in the database.

Unfortunately, this back door is a huge liability for plugins which hope to add a custom access control layer via query hooks. It's SO easy for a theme to inadvertently defeat such a system by adding a get_posts call. Yes, a theme is always free to query wpdb directly. I'm just trying to avoid accidental conflicts.

There is at least one example of a theme (Tarski) calling get_posts to list posts in a context that has just as much reason to be filtered as the WP_Query->get_posts output.

The attached patch file is a proposed compromise, much more moderate than my last:

• rephrase query with LEFT JOIN statements

• apply join, where, request, results filters only for non-admin current user

• rewrite include, exclude as IN() clause (could not resist)

• eliminate old $query construction block (was constructed but not used)

• add comment questioning why extracted vars are cast to int

The multiple category include/exclude code could be merged in as desired.

If even this patch is too much for 2.2, I would settle for the request and results hooks only.

[kevinB]

I replaced the patch file with a revision which INNER JOINs post2cat and postmeta. I had them as LEFT JOINs (as in WP_Query), but realized that the existing get_posts code is effectively using INNER JOINs.

On a different topic, why can't WP_Query INNER JOIN post2cat also?

[kevinB]

Correction: The attached patch applies query filters only for non-admin URIs ( ! is_admin ), not based on current user role as the title and description imply.

Either approach would work for me, though I would feel better about basing it on a current user role / cap.

[kevinB]

get_posts: add query hooks for ( ! is_admin ); removed comment about (int) cast

[kevinB]

Please disregard my ignorant question about (int) casting the query values. I realize now it's to filter out null or non-numeric arguments.

Also, I'm going to leave this proposed patch with ( ! is_admin() ) as the criteria for applying hooks. In the existing code, I don't find any precedent for requiring the administrator role, and none of the existing caps quite fit.

[kevinB]

Re: rob1n comment on #4070 (​http://trac.wordpress.org/ticket/4070#comment:4)

I guess it comes down to a documentation issue for theme / plugin developers.

Themes which use get_posts to display "recent posts" sidebars will be incompatible with plugins that do access control by query filtering.

Themes which care to support such plugin functionality should use query_posts instead.