Post Status should be removed #12
Comments
|
My opinion: The purpose of this plugin is to query posts. It's not limited to a certain kind of query or a specific use-case. I personally think all query arguments should be available so it can satisfy all uses of the plugin. If your specific use-case requires limiting certain query arguments, I think that limit should be implemented through code. You can add this to your theme or core functionality plugin ( http://www.billerickson.net/code/display-posts-lockdown/ ). |
|
My personal opinion is to keep the argument. I know of at least one WordPress.com user who is keeping pages unpublished so they don't appear elsewhere, but then using the post status argument to dynamically pull in content. However, in 'untrusted' environments (where editors really don't want contributors to see other posts), the ability to query arbitrary statuses is problematic. The best option is probably to limit use of post statuses for 'edit_others_posts' and higher caps. |
|
What about just adding a filter for that so users/developers can lock this down tighter if they feel the need? |
|
@wpsmith a filter is in place. Closing this question. Thanks guys for confirming what I thought |
Someone contacted me directly, pointing out that the post status field allowed people to view private posts:
I responded by limiting private posts to users with permission to view it ( @ee038a7 ). His recommendation is to remove post_status it altogether.
@danielbachhuber, what are your thoughts?
The text was updated successfully, but these errors were encountered: