[wp-trac] [WordPress Trac] #19415: wp_nav_menu showing private/conctepts posts without rights

WordPress Trac noreply at wordpress.org
Thu Nov 1 16:52:24 UTC 2012


#19415: wp_nav_menu showing private/conctepts posts without rights
--------------------------+------------------------------
 Reporter:  thomask       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.0
 Severity:  major         |  Resolution:
 Keywords:                |
--------------------------+------------------------------
Changes (by Offereins):

 * cc: lmoffereins@… (added)


Comment:

 Isn't this easy to fix with a filter on `wp_nav_menu_objects` checking the
 readability of the object (if post or cpt) for the current user and
 handling the array accordingly? Or does this need a check before that on
 querying the DB? [[BR]]
 Anyways, can someone tell if this is looked at ever since reporting?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19415#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list