From b421255fc8ad1fd35365baef621b1584802e2b57 Mon Sep 17 00:00:00 2001 From: Boone Gorges Date: Sat, 7 Mar 2015 01:15:28 +0000 Subject: [PATCH] When passing `$full` to `get_posts_by_author_sql()`, make sure a 'post_type' clause is included in results. This change makes the 'post_type' clause in `wp_list_authors()` redundant, so we remove it. Third-party plugins using `get_posts_by_author_sql()` may have similarly redundant clauses, but this won't change the results returned by the SQL queries. Also adds unit tests for `get_posts_by_author_sql()`. Props pbearne. Fixes #30354. Built from https://develop.svn.wordpress.org/trunk@31653 git-svn-id: http://core.svn.wordpress.org/trunk@31634 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/author-template.php | 2 +- wp-includes/post.php | 27 +++++++++++++-------------- wp-includes/version.php | 2 +- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php index 491689a7d8..0ec3e9a68e 100644 --- a/wp-includes/author-template.php +++ b/wp-includes/author-template.php @@ -337,7 +337,7 @@ function wp_list_authors( $args = '' ) { $authors = get_users( $query_args ); $author_count = array(); - foreach ( (array) $wpdb->get_results( "SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author" ) as $row ) { + foreach ( (array) $wpdb->get_results( "SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author" ) as $row ) { $author_count[$row->post_author] = $row->count; } foreach ( $authors as $author_id ) { diff --git a/wp-includes/post.php b/wp-includes/post.php index f7654f0f72..981601bd2c 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -5344,35 +5344,34 @@ function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $cap = $post_type_obj->cap->read_private_posts; } - if ( $full ) { - if ( null === $post_author ) { - $sql = $wpdb->prepare( 'WHERE post_type = %s AND ', $post_type ); - } else { - $sql = $wpdb->prepare( 'WHERE post_author = %d AND post_type = %s AND ', $post_author, $post_type ); - } - } else { - $sql = ''; + $sql = $wpdb->prepare( 'post_type = %s', $post_type ); + + if ( null !== $post_author ) { + $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author ); } - $sql .= "(post_status = 'publish'"; - // Only need to check the cap if $public_only is false. + $post_status_sql = "post_status = 'publish'"; if ( false === $public_only ) { if ( current_user_can( $cap ) ) { // Does the user have the capability to view private posts? Guess so. - $sql .= " OR post_status = 'private'"; + $post_status_sql .= " OR post_status = 'private'"; } elseif ( is_user_logged_in() ) { // Users can view their own private posts. $id = get_current_user_id(); if ( null === $post_author || ! $full ) { - $sql .= " OR post_status = 'private' AND post_author = $id"; + $post_status_sql .= " OR post_status = 'private' AND post_author = $id"; } elseif ( $id == (int) $post_author ) { - $sql .= " OR post_status = 'private'"; + $post_status_sql .= " OR post_status = 'private'"; } // else none } // else none } - $sql .= ')'; + $sql .= " AND ($post_status_sql)"; + + if ( $full ) { + $sql = 'WHERE ' . $sql; + } return $sql; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 3ea601d922..afe0f7cf82 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.2-alpha-31652'; +$wp_version = '4.2-alpha-31653'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.