diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php
index 617bcb352d..184fb756e8 100644
--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -77,6 +77,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 $redirect = $original;
 $redirect_url = false;
+ $redirect_obj = false;
 // Notice fixing.
 if ( ! isset( $redirect['path'] ) ) {
@@ -102,6 +103,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 if ( is_feed() && $post_id ) {
 $redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
+ $redirect_obj = get_post( $post_id );
 if ( $redirect_url ) {
 $redirect['query'] = _remove_qs_args_if_not_in_url(
@@ -126,6 +128,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 }
 $redirect_url = get_permalink( $post_id );
+ $redirect_obj = get_post( $post_id );
 if ( $redirect_url ) {
 $redirect['query'] = _remove_qs_args_if_not_in_url(
@@ -150,6 +153,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 if ( $post_type_obj && $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) {
 $redirect_url = get_permalink( $redirect_post );
+ $redirect_obj = get_post( $redirect_post );
 $redirect['query'] = _remove_qs_args_if_not_in_url(
 $redirect['query'],
@@ -197,6 +201,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 if ( $post_id ) {
 $redirect_url = get_permalink( $post_id );
+ $redirect_obj = get_post( $post_id );
 $redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
 $redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
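Review bot: `$redirect_obj` is introduced at the top of `redirect_canonical()` with no comment saying what it holds, yet the readability check added later in this file only runs when it is a `WP_Post`, so any branch that sets `$redirect_url` to a post link without also setting `$redirect_obj` skips that check. I would document the contract at the initialisation, e.g. `// Post or user object the redirect resolves to; set it wherever $redirect_url is set so the readability check can run.` The same paired assignment repeats in the hunks at -102, -126, -150, -197, -223, -256, -385 and -395, while the -310 hunk stores the author object, which presumably is not a `WP_Post` and therefore passes the later test unchecked. Whether every branch outside these hunks keeps the two variables in step cannot be confirmed from the diff. The function body extends beyond each of these hunks.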
@@ -223,27 +228,32 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 ) {
 if ( ! empty( $_GET['attachment_id'] ) ) {
 $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
+ $redirect_obj = get_post( get_query_var( 'attachment_id' ) );
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] );
 }
 } else {
 $redirect_url = get_attachment_link();
+ $redirect_obj = get_post();
 }
 } elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) {
 $redirect_url = get_permalink( get_query_var( 'p' ) );
+ $redirect_obj = get_post( get_query_var( 'p' ) );
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( array( 'p', 'post_type' ), $redirect['query'] );
 }
 } elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) {
 $redirect_url = get_permalink( $wp_query->get_queried_object_id() );
+ $redirect_obj = get_post( $wp_query->get_queried_object_id() );
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( 'name', $redirect['query'] );
 }
 } elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) {
 $redirect_url = get_permalink( get_query_var( 'page_id' ) );
+ $redirect_obj = get_post( get_query_var( 'page_id' ) );
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
@@ -256,6 +266,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 && 'page' === get_option( 'show_on_front' )
 && get_query_var( 'page_id' ) === (int) get_option( 'page_for_posts' )
 ) {
 $redirect_url = get_permalink( get_option( 'page_for_posts' ) );
+ $redirect_obj = get_post( get_option( 'page_for_posts' ) );
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
@@ -310,6 +321,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 && $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) )
 ) {
 $redirect_url = get_author_posts_url( $author->ID, $author->user_nicename );
+ $redirect_obj = $author;
 if ( $redirect_url ) {
 $redirect['query'] = remove_query_arg( 'author', $redirect['query'] );
@@ -385,6 +397,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() )
 ) {
 $redirect_url = get_permalink( $wp_query->get_queried_object_id() );
+ $redirect_obj = get_post( $wp_query->get_queried_object_id() );
 }
 }
 }
@@ -395,6 +408,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 if ( ! $redirect_url ) {
 $redirect_url = get_permalink( get_queried_object_id() );
+ $redirect_obj = get_post( get_queried_object_id() );
 }
 if ( $page > 1 ) {
@@ -740,6 +754,28 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 $requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url );
 }
+ if ( $redirect_obj instanceof WP_Post ) {
+ $post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) );
+ /*
+ * Unset the redirect object and URL if they are not readable by the user.
+ * This condition is a little confusing as the condition needs to pass if
+ * the post is not readable by the user. That's why there are ! (not) conditions
+ * throughout.
+ */
+ if (
+ // Private post statuses only redirect if the user can read them.
+ ! (
+ $post_status_obj->private &&
+ current_user_can( 'read_post', $redirect_obj->ID )
+ ) &&
+ // For other posts, only redirect if publicly viewable.
+ ! is_post_publicly_viewable( $redirect_obj )
+ ) {
+ $redirect_obj = false;
+ $redirect_url = false;
+ }
+ }
+
 /**
 * Filters the canonical redirect URL.
 *
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 9aecc3b06a..06840cbc9f 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -245,10 +245,10 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 break;
 }
- $status_obj = get_post_status_object( $post->post_status );
+ $status_obj = get_post_status_object( get_post_status( $post ) );
 if ( ! $status_obj ) {
 /* translators: 1: Post status, 2: Capability name. */
- _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post status %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post with that status.' ), $post->post_status, $cap ), '5.4.0' );
+ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post status %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post with that status.' ), get_post_status( $post ), $cap ), '5.4.0' );
 $caps[] = 'edit_others_posts';
 break;
 }
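Review bot: `$post_status_obj->private` is read in the new block of `redirect_canonical()` without checking that `get_post_status_object()` returned an object, whereas `wp_force_ugly_post_permalink()` in this same commit guards the identical lookup with `! $post_status_obj`. For a post whose status is not registered the property read raises a PHP notice or warning depending on the version; the result most likely still fails closed through `is_post_publicly_viewable()`, but that is inferred rather than shown here. Guarding the first operand keeps the access decision explicit: `$post_status_obj && $post_status_obj->private &&`. The enclosing function starts and ends outside the hunk.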
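Review bot: `get_post_status( $post )` is now evaluated twice in this branch of `map_meta_cap()`, once for the status lookup and again inside the `_doing_it_wrong()` message, so the capability decision and the diagnostic are only assumed to describe the same value. Resolving it once makes that explicit: `$post_status = get_post_status( $post );` then `$status_obj = get_post_status_object( $post_status );`, with `$post_status` passed to `sprintf()`. Because this feeds an access-control mapping, a one-line comment such as `// Use the resolved status rather than the stored post_status field.` would tell the next reader why the raw property is no longer read. The surrounding case starts and ends outside the hunk.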
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index 28e6f98ec7..83e7f607be 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -89,6 +89,58 @@ function permalink_anchor( $mode = 'id' ) {
 }
 }
+/**
+ * Determine whether post should always use an ugly permalink structure.
+ *
+ * @since 5.7.0
+ *
+ * @param WP_Post|int|null $post Optional. Post ID or post object. Defaults to global $post.
+ * @param bool|null $sample Optional. Whether to force consideration based on sample links.
+ * If omitted, a sample link is generated if a post object is passed
+ * with the filter property set to 'sample'.
+ * @return bool Whether to use an ugly permalink structure.
+ */
+function wp_force_ugly_post_permalink( $post = null, $sample = null ) {
+ if (
+ null === $sample &&
+ is_object( $post ) &&
+ isset( $post->filter ) &&
+ 'sample' === $post->filter
+ ) {
+ $sample = true;
+ } else {
+ $post = get_post( $post );
+ $sample = null !== $sample ? $sample : false;
+ }
+
+ if ( ! $post ) {
+ return true;
+ }
+
+ $post_status_obj = get_post_status_object( get_post_status( $post ) );
+ $post_type_obj = get_post_type_object( get_post_type( $post ) );
+
+ if ( ! $post_status_obj || ! $post_type_obj ) {
+ return true;
+ }
+
+ if (
+ // Publicly viewable links never have ugly permalinks.
+ is_post_status_viewable( $post_status_obj ) ||
+ (
+ // Private posts don't have ugly links if the user can read them.
+ $post_status_obj->private &&
+ current_user_can( 'read_post', $post->ID )
+ ) ||
+ // Protected posts don't have ugly links if getting a sample URL.
+ ( $post_status_obj->protected && $sample )
+ ) {
+ return false;
+ }
+
+ return true;
+}
+
 /**
 * Retrieves the full permalink for the current post or post ID.
 *
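Review bot: The docblock of `wp_force_ugly_post_permalink()` does not say that the result depends on the current user, even though the private-status branch calls `current_user_can( 'read_post', $post->ID )`. The permalink functions changed later in this file take their answer from this helper, so a link built while a privileged user is active and then stored or cached for other visitors could expose the slug of a private post; whether any caller does that is not visible in the diff. I would add a description line such as `The result varies with the current user's 'read_post' capability and must not be cached across users.` Separately, when `$post` is an object whose `filter` is 'sample' it is used without passing through `get_post()`, so `$post->ID` is only assumed to exist on that path.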
@@ -166,7 +218,7 @@ function get_permalink( $post = 0, $leavename = false ) {
 if (
 $permalink &&
- ! in_array( $post->post_status, array( 'draft', 'pending', 'auto-draft', 'future', 'trash' ), true )
+ ! wp_force_ugly_post_permalink( $post )
 ) {
 $category = '';
@@ -277,7 +329,7 @@ function get_post_permalink( $id = 0, $leavename = false, $sample = false ) {
 $slug = $post->post_name;
- $draft_or_pending = get_post_status( $post ) && in_array( get_post_status( $post ), array( 'draft', 'pending', 'auto-draft', 'future' ), true );
+ $force_ugly_link = wp_force_ugly_post_permalink( $post );
 $post_type = get_post_type_object( $post->post_type );
@@ -285,13 +337,13 @@ function get_post_permalink( $id = 0, $leavename = false, $sample = false ) {
 $slug = get_page_uri( $post );
 }
- if ( ! empty( $post_link ) && ( ! $draft_or_pending || $sample ) ) {
+ if ( ! empty( $post_link ) && ( ! $force_ugly_link || $sample ) ) {
 if ( ! $leavename ) {
 $post_link = str_replace( "%$post->post_type%", $slug, $post_link );
 }
 $post_link = home_url( user_trailingslashit( $post_link ) );
 } else {
- if ( $post_type->query_var && ( isset( $post->post_status ) && ! $draft_or_pending ) ) {
+ if ( $post_type->query_var && ( isset( $post->post_status ) && ! $force_ugly_link ) ) {
 $post_link = add_query_arg( $post_type->query_var, $slug, '' );
 } else {
 $post_link = add_query_arg(
@@ -373,11 +425,11 @@ function _get_page_link( $post = false, $leavename = false, $sample = false ) {
 $post = get_post( $post );
- $draft_or_pending = in_array( $post->post_status, array( 'draft', 'pending', 'auto-draft' ), true );
+ $force_ugly_link = wp_force_ugly_post_permalink( $post );
 $link = $wp_rewrite->get_page_permastruct();
- if ( ! empty( $link ) && ( ( isset( $post->post_status ) && ! $force_ugly_link ) || $sample ) ) {
+ if ( ! empty( $link ) && ( ( isset( $post->post_status ) && ! $force_ugly_link ) || $sample ) ) {
 if ( ! $leavename ) {
 $link = str_replace( '%pagename%', get_page_uri( $post ), $link );
 }
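Review bot: In `get_post_permalink()` (hunks -277 and -285) and `_get_page_link()` (hunk -373) the `|| $sample` override is kept next to the new `$force_ugly_link`, so a true `$sample` yields the pretty link regardless of what the helper decided about the current user's access. That behaviour predates this commit, but since `$force_ugly_link` now carries a readability decision the override deserves a comment at both conditions, e.g. `// $sample bypasses the visibility decision; pass it only when building sample links for users who may edit the post.` Who passes `$sample` is not visible in these hunks, so this is a documentation request and not a confirmed leak. All three functions continue outside the hunks shown.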
@@ -417,13 +469,26 @@ function get_attachment_link( $post = null, $leavename = false ) {
 $link = false;
- $post = get_post( $post );
- $parent = ( $post->post_parent > 0 && $post->post_parent != $post->ID ) ? get_post( $post->post_parent ) : false;
- if ( $parent && ! in_array( $parent->post_type, get_post_types(), true ) ) {
- $parent = false;
+ $post = get_post( $post );
+ $force_ugly_link = wp_force_ugly_post_permalink( $post );
+ $parent_id = $post->post_parent;
+ $parent = $parent_id ? get_post( $parent_id ) : false;
+ $parent_valid = true; // Default for no parent.
+ if (
+ $parent_id &&
+ (
+ $post->post_parent === $post->ID ||
+ ! $parent ||
+ ! is_post_type_viewable( get_post_type( $parent ) )
+ )
+ ) {
+ // Post is either its own parent or parent post unavailable.
+ $parent_valid = false;
 }
- if ( $wp_rewrite->using_permalinks() && $parent ) {
+ if ( $force_ugly_link || ! $parent_valid ) {
+ $link = false;
+ } elseif ( $wp_rewrite->using_permalinks() && $parent ) {
 if ( 'page' === $parent->post_type ) {
 $parentlink = _get_page_link( $post->post_parent ); // Ignores page_on_front.
 } else {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 8361775ad3..83d63b869f 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.7-alpha-50131';
+$wp_version = '5.7-alpha-50132';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
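Review bot: The self-parent test in `get_attachment_link()` changed from `!=` to `$post->post_parent === $post->ID`, which matches only when both properties have the same type. If either arrives as a numeric string the check stops detecting a post that is its own parent and `$parent` then refers to the post itself when the link is built; whether both fields are always integers at this point is not shown in the hunk. Casting keeps the strict operator without that dependency: `(int) $post->post_parent === (int) $post->ID ||`. Also, `$post` is dereferenced on the line after `wp_force_ugly_post_permalink( $post )` although that helper explicitly tolerates a missing post, and the `$link = false;` in the new first branch repeats the initial value. The function continues past the end of the hunk.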