-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Post Status should be removed #12
Comments
My opinion: The purpose of this plugin is to query posts. It's not limited to a certain kind of query or a specific use-case. I personally think all query arguments should be available so it can satisfy all uses of the plugin. If your specific use-case requires limiting certain query arguments, I think that limit should be implemented through code. You can add this to your theme or core functionality plugin ( http://www.billerickson.net/code/display-posts-lockdown/ ). |
My personal opinion is to keep the argument. I know of at least one WordPress.com user who is keeping pages unpublished so they don't appear elsewhere, but then using the post status argument to dynamically pull in content. However, in 'untrusted' environments (where editors really don't want contributors to see other posts), the ability to query arbitrary statuses is problematic. The best option is probably to limit use of post statuses for 'edit_others_posts' and higher caps. |
What about just adding a filter for that so users/developers can lock this down tighter if they feel the need? |
@wpsmith a filter is in place. Closing this question. Thanks guys for confirming what I thought |
Someone contacted me directly, pointing out that the post status field allowed people to view private posts:
I responded by limiting private posts to users with permission to view it ( @ee038a7 ). His recommendation is to remove post_status it altogether.
@danielbachhuber, what are your thoughts?
The text was updated successfully, but these errors were encountered: