[wp-trac] [WordPress Trac] #9211: Recent comments widget with "private" entries

WordPress Trac wp-trac at lists.automattic.com
Sun Feb 22 05:40:00 GMT 2009


#9211: Recent comments widget with "private" entries
--------------------------+-------------------------------------------------
 Reporter:  menelicte     |       Owner:                 
     Type:  defect (bug)  |      Status:  new            
 Priority:  lowest        |   Milestone:  Future Release 
Component:  Widgets       |     Version:  2.7            
 Severity:  trivial       |    Keywords:  widget comments
--------------------------+-------------------------------------------------
 Issue:

 The WP 2.7.1 standard widget for the latest comments lists comments that
 are posted to a private entry, even if the user has no private entry
 reading capability.
 In this case, if the link is clicked, WordPress does not display the
 article because the user does not have the privileges.

 Context:

 A public multi-author site with commented private pages and posts.

 Solution:

 If you're interested, I've made a few changes (2 vars added, query
 modified) in wp_widget_recent_comments() in the 'wp-includes/widgets.php'
 file, to check user capabilities and to show only the list of viewable
 comments.
 The modified code is this:

 {{{
 function wp_widget_recent_comments($args) {
         global $wpdb, $comments, $comment;
         extract($args, EXTR_SKIP);
         $options = get_option('widget_recent_comments');
         $title = empty($options['title']) ? __('Recent Comments') : apply_filters('widget_title', $options['title']);
         if ( !$number = (int) $options['number'] )
                 $number = 5;
         else if ( $number < 1 )
                 $number = 1;
         else if ( $number > 15 )
                 $number = 15;
         $can_read_priv_posts=current_user_can('read_private_posts')?"OR p.post_type='post'":"";       //row inserted
         $can_read_priv_pages=current_user_can('read_private_pages')?"OR p.post_type='page'":"";       //row inserted

         if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) {
                 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments c
                         LEFT JOIN $wpdb->posts p ON c.comment_post_id = p.ID
                         WHERE c.comment_approved = '1'
                         AND (p.post_status<>'private' $can_read_priv_posts $can_read_priv_pages )
                         ORDER BY c.comment_date_gmt DESC LIMIT $number");       //row modified
                 wp_cache_add( 'recent_comments', $comments, 'widget' );
         }
 ?>

                 <?php echo $before_widget; ?>
                         <?php echo $before_title . $title . $after_title; ?>
                         <ul id="recentcomments"><?php
                         if ( $comments ) : foreach ( (array) $comments as $comment) :
                         echo  '<li class="recentcomments">' .
                                 sprintf(__('%1$s on %2$s'), get_comment_author_link(),
                                         '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' .
                                         get_the_title($comment->comment_post_ID) . '</a>') .
                                 '</li>';
                         endforeach; endif;?></ul>
                 <?php echo $after_widget; ?>
 <?php
 }

 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9211>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
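
A caveat for the change proposed in the ticket, shown as an added example (not part of the original ticket or of WordPress core): the filtered result is still stored under the single cache key 'recent_comments', so where the object cache persists between requests, rows fetched for a viewer with read_private_posts can be served to one without it. The sketch below builds the same predicate and varies the cache key by capability. The rc_* function names and the sample rows are constructed for illustration.

```php
<?php
// Added example; not WordPress core code. All rc_* names are hypothetical.
// Visibility predicate assembled only from fixed literals, chosen by capability.
function rc_visibility_clause(array $caps): string {
    $clause = "p.post_status <> 'private'";
    if (!empty($caps['read_private_posts'])) { $clause .= " OR p.post_type = 'post'"; }
    if (!empty($caps['read_private_pages'])) { $clause .= " OR p.post_type = 'page'"; }
    return "($clause)";
}

// Cache key that varies with the capabilities that shaped the query.
function rc_cache_key(array $caps): string {
    $posts = empty($caps['read_private_posts']) ? '0' : '1';
    $pages = empty($caps['read_private_pages']) ? '0' : '1';
    return "recent_comments_{$posts}{$pages}";
}

// In-memory stand-in for the SQL predicate, applied to constructed rows.
function rc_visible_rows(array $rows, array $caps): array {
    return array_values(array_filter($rows, function ($r) use ($caps) {
        return $r['post_status'] !== 'private'
            || ($r['post_type'] === 'post' && !empty($caps['read_private_posts']))
            || ($r['post_type'] === 'page' && !empty($caps['read_private_pages']));
    }));
}

// Read through a cache; the array stands in for a persistent object cache.
function rc_get(array &$cache, string $key, array $rows, array $caps): array {
    if (!isset($cache[$key])) { $cache[$key] = rc_visible_rows($rows, $caps); }
    return $cache[$key];
}

$rows = [ // constructed sample data
    ['comment_ID' => 1, 'post_type' => 'post', 'post_status' => 'publish'],
    ['comment_ID' => 2, 'post_type' => 'post', 'post_status' => 'private'],
    ['comment_ID' => 3, 'post_type' => 'page', 'post_status' => 'private'],
];
$editor     = ['read_private_posts' => true, 'read_private_pages' => true];
$subscriber = [];

$shared = []; // single key, as in the ticket: the first viewer's rows are reused
rc_get($shared, 'recent_comments', $rows, $editor);
$leaked = rc_get($shared, 'recent_comments', $rows, $subscriber);

$split = []; // key per capability set: each viewer gets rows filtered for them
rc_get($split, rc_cache_key($editor), $rows, $editor);
$safe = rc_get($split, rc_cache_key($subscriber), $rows, $subscriber);

printf("%s\nshared key: %d rows, split key: %d rows\n",
    rc_visibility_clause($subscriber), count($leaked), count($safe));
```

In the widget itself, the capability-dependent key would take the place of 'recent_comments' in both the wp_cache_get() and wp_cache_add() calls.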

