[wp-hackers] Reposting my lost chronicle: Revisiting the 'Trash Can' idea...

David Chait davebytes at comcast.net
Mon Apr 24 17:19:04 GMT 2006

Off the whole 'someone can get me to delete something' thread, I had posted 
a new thread -- unfortunately from the wrong email account, and apparently 
got no bounce message.  So, here's my email, again...


A while back there was discussion of having deletions go to a conceptual
'trash' state, which could later be emptied (automatically over some time
period, or manually, OR restored).  This came back to me as I said to myself
"Gee, Nonces seem great.  But if there's another vector that somehow gets me
to try and delete my own stuff, is there a way I can recover quickly?"
Which brought me back to the trashcan.

The discussion revolved, I believe, around two points:
1. Do we really need 'undo' around deletions?  Or, at that point, around
other actions.
2. If it seems useful, how do we implement it quickly, so it 'drops' right
into the existing architecture with minimal impact.

We obviously wouldn't want 'trash' tables for every possible type of
content... Keeping the 'trashed' items in the main tables has benefits (just
another 'state', so as easy to query and list as any other 'state').

I just thought of maybe have a single trash table which could use an
ID-table pair to reference into other tables (posts, comments, whatever)
flexibly, with the timestamp of the deletion, and the prior-state of
whatever status field had to be set to 'trash'.  That would keep from
(ab)using the postmeta or other tables, and 'centralize' history of changes
across the system (which, obviously, could be expanded to tracking changes
OTHER than just deletion... thinking of potential future applications of

Anyway, just wanted to start this back up, as I still think there's some
useful tidbits here, love to hear opinions (again) now that time has passed,
a new WP version is out, etc.

I should say that this new idea of a trash table (or 'change' table) seems
to have some merit, and might make people think of other ways to use it.
Maybe using the 'per major area' meta table to store such infomation would
be just as good... I don't know.

Overall, given that the referrer discussion, and Nonces discussion, leads to
a situation where there still aren't AYS checks for everything, I feel
some need to give the average end-user a 'safety net' -- if they in
fact need it!  Which, I guess, has yet to be proven.. ;)  I mean, we know
they want/need an integrated spell checker... :)


More information about the wp-hackers mailing list