[wp-hackers] glitch with the_content filter and password-protected posts

Nikola Nikolov nikolov.tmw at gmail.com
Wed Jan 15 13:58:23 UTC 2014


If you look at how
the_content()<https://github.com/WordPress/WordPress/blob/master/wp-includes/post-template.php#L164>and
get_the_content()<https://github.com/WordPress/WordPress/blob/master/wp-includes/post-template.php#L180>functions
work, you would see that the_content() calls get_the_content()
and then does apply_filters( 'the_content', $content ) to what was
returned.
Inside of get_the_content() though you would see

if ( post_password_required( $post ) )
    return get_the_password_form( $post );

( no brackets :ugh: :) )

So it seems like what you should do in your function that adds extra output
is something like this:

if ( post_password_required( $post ) ) {
    return '';
}

By returning an empty string when a post password is required(if the user
already entered the password, post_password_required() will return false)
you make sure that none of your output is displayed.


On Wed, Jan 15, 2014 at 3:47 PM, David F. Carr <david at carrcommunications.com
> wrote:

> A user of one of my plugins is reporting undesirable behavior when he tries
> to password protect a post. Even though the body of the post is not
> displayed, custom content added from the filter the_the content is
> displayed.
>
> My RSVPMaker plugin adds an RSVP form to posts of a custom post type for
> events, where the user has specified that RSVPs should be collected. Where
> these conditions are met, the HTML for the form is appended to the default
> content. It never occurred to me that I needed to test for protected posts
> before doing that.
>
> How do I test whether a post is protected and, if so, whether the user has
> supplied the required password?
>
> I tried this code below (derived from something I found in the support
> forums), but it's not working for me.
>
> if (!empty($post->post_password)) { // if there's a password
> if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  //
> and it doesn't match the cookie
>     return $content; // return filtered content unchanged
> }
> }
>
> This aborts the filter function on a protected post, but it does so even
> after the password is entered. That is, the body copy is displayed but not
> the output of my filter function. I can see that the password cookie is
> set, but it evaluates as not matching $post->post_password
>
> --
> David F. Carr
> Author, Social Collaboration for Dummies
> http://www.wiley.com/buy/9781118658543
> InformationWeek http://www.informationweek.com/authors/David-Carr
>
> LinkedIn - http://www.linkedin.com/in/davidfcarr
> Facebook - http://www.facebook.com/carrcomm
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list