Remove the ability to view the post listing screen and post editing screen for post types with `show_ui` set to `false`. It is unexpected and unintended behaviour that this is allowed.

If your plugin or site does rely on this behaviour, the arguments that are passed to `register_post_type()` should be altered so that `show_ui` is `true`, and arguments such as `show_in_menu`, `show_in_nav_menus`, and `show_in_admin_bar` are `false`.

Fixes #33763
Props swissspidy, johnbillion

Built from https://develop.svn.wordpress.org/trunk@34177


git-svn-id: http://core.svn.wordpress.org/trunk@34145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
John Blackbourn 2015-09-15 10:27:29 +00:00
parent caf90ec1c6
commit 541dbb2711
4 changed files with 13 additions and 1 deletions


@ -12,6 +12,10 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
if ( ! $typenow ) if ( ! $typenow )
wp_die( __( 'Invalid post type' ) ); wp_die( __( 'Invalid post type' ) );
if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
}
if ( 'attachment' === $typenow ) { if ( 'attachment' === $typenow ) {
if ( wp_redirect( admin_url( 'upload.php' ) ) ) { if ( wp_redirect( admin_url( 'upload.php' ) ) ) {
exit; exit;
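Review bot: The added `in_array()` call omits its third argument, so `$typenow` is compared loosely against the list of post type names; the same call is repeated in the two following file sections. Because the result now decides whether the screen is reachable at all, the strict form is preferable: `if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ), true ) ) {`. Both sides are expected to be strings, so valid post type names should behave the same, but the strict flag keeps PHP's numeric-string comparison rules out of an access decision. The surrounding script continues outside the lines shown here.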


@ -109,6 +109,10 @@ case 'edit':
if ( ! $post_type_object ) if ( ! $post_type_object )
wp_die( __( 'Unknown post type.' ) ); wp_die( __( 'Unknown post type.' ) );
if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) if ( ! current_user_can( 'edit_post', $post_id ) )
wp_die( __( 'You are not allowed to edit this item.' ) ); wp_die( __( 'You are not allowed to edit this item.' ) );
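Review bot: The new guard tests `$typenow`, while the checks directly above and below it work from `$post_type_object` and `$post_id`. Where `$typenow` is assigned is not visible in this hunk; if it can ever differ from the type of the post being edited, the guard would be evaluating a different post type than the one the capability check covers. Reading the flag from the object that was just validated keeps the two checks on the same subject and avoids rebuilding the post type list: `if ( ! $post_type_object->show_ui ) {`. The `case 'edit':` branch begins and ends outside the hunk, so this should be confirmed against the full file.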


@ -1228,6 +1228,10 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
if ( !current_user_can( 'edit_post', $post->ID ) ) if ( !current_user_can( 'edit_post', $post->ID ) )
return; return;
if ( ! in_array( $post->post_type, get_post_types( array( 'show_ui' => true ) ) ) ) {
return;
}
/** /**
* Filter the post edit link. * Filter the post edit link.
* *
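Review bot: The bare `return;` added after the capability check makes `get_edit_post_link()` return null for every post whose type has `show_ui` disabled, and nothing in the visible lines tells callers about it. I would add a comment above the check, for example `// Post types registered with show_ui => false have no edit screen, so there is no link to return.`, and note the empty return in the function's docblock, which lies outside this hunk. Callers that build markup or redirects from the result need to handle an empty value. Hiding the link only affects display; the enforcement is the `wp_die()` checks in the other two sections together with the existing `edit_post` capability check.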


@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.4-alpha-34176'; $wp_version = '4.4-alpha-34177';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.