[wp-hackers] glitch with the_content filter and password-protected posts

[David F. Carr]

A user of one of my plugins is reporting undesirable behavior when he tries
to password protect a post. Even though the body of the post is not
displayed, custom content added from the filter the_the content is
displayed.

My RSVPMaker plugin adds an RSVP form to posts of a custom post type for
events, where the user has specified that RSVPs should be collected. Where
these conditions are met, the HTML for the form is appended to the default
content. It never occurred to me that I needed to test for protected posts
before doing that.

How do I test whether a post is protected and, if so, whether the user has
supplied the required password?

I tried this code below (derived from something I found in the support
forums), but it's not working for me.

if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  //
and it doesn't match the cookie
    return $content; // return filtered content unchanged
}
}

This aborts the filter function on a protected post, but it does so even
after the password is entered. That is, the body copy is displayed but not
the output of my filter function. I can see that the password cookie is
set, but it evaluates as not matching $post->post_password

-- 
David F. Carr
Author, Social Collaboration for Dummies
http://www.wiley.com/buy/9781118658543
InformationWeek http://www.informationweek.com/authors/David-Carr

LinkedIn - http://www.linkedin.com/in/davidfcarr
Facebook - http://www.facebook.com/carrcomm