
Fix ContentImporter permission and post type checks#612

Open
apermo wants to merge 3 commits into lloc:master from apermo:fix/610-611-content-importer-security

Conversation

@apermo
Contributor

@apermo apermo commented Apr 15, 2026

Closes #610, closes #611

Summary

  • Add read_post capability check on the source blog before importing content, preventing private content from leaking across blogs
  • Add post_type_exists() check on the target blog before inserting, preventing silent failures when a custom post type is not registered on all blogs

Test plan

  • Attempt content import from a private post the user cannot read — should silently skip
  • Attempt content import to a blog missing the source post type — should silently skip
  • Normal content import workflow still works as before
  • Run composer test — all tests pass

apermo added 2 commits April 15, 2026 09:05
Verify the user can read the source post before
importing its content. Prevents leaking private
post content across blogs.

Closes lloc#610
Verify the post type is registered on the target
blog before inserting. Returns early if the post
type does not exist, preventing silent failures.

Closes lloc#611
@apermo apermo requested a review from lloc as a code owner April 15, 2026 07:06
Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces security and stability improvements to the content import process by adding a capability check for reading source posts and validating post types before insertion. A review comment suggests optimizing the blog switching logic in handle_import to fetch the post object while the context is already switched, which would eliminate redundant operations later in the execution flow.

Comment thread on includes/ContentImport/ContentImporter.php
check and post fetch

Fetch source post in the same switch_to_blog call
as the read_post capability check, removing a
redundant blog switch cycle.
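The two guards listed in the PR summary (read_post on the source blog, post_type_exists() on the target blog) combined with the single source-side switch cycle that the review comment and the third commit describe, as an added PHP example. This is not the plugin's ContentImporter code; the function name msls_example_import_content, its parameters, and the decision to insert the copy as a draft are assumptions for illustration. Two caveats a multisite practitioner will want: WordPress re-initialises the current user's roles for the switched site on switch_to_blog(), so the capability check only means anything while switched to the source blog; and switch_to_blog() does not load the target site's plugins, so post_type_exists() reports what is registered in the current request, not what a request served by the target site itself would register.

```php
<?php
/**
 * Hypothetical illustration (not the plugin's own code) of the two guards
 * from the PR, with the source-side check and fetch done in one switch cycle.
 *
 * @return int|null New post ID on the target blog, or null when the import
 *                  is skipped silently (no permission, unknown post, type
 *                  not registered, or insert failure).
 */
function msls_example_import_content( int $source_blog_id, int $source_post_id, int $target_blog_id ): ?int {
    // Source side: capability check and post fetch in the SAME switch cycle.
    // Capabilities are per-site on multisite, so read_post must be evaluated
    // while switched to the source blog; fetching the post here avoids a
    // second switch_to_blog()/restore_current_blog() round trip.
    $source_post = null;
    switch_to_blog( $source_blog_id );
    if ( current_user_can( 'read_post', $source_post_id ) ) {
        // read_post is a meta capability: for a private post it maps to
        // read_private_posts unless the current user is the author.
        $source_post = get_post( $source_post_id );
    }
    restore_current_blog();

    if ( ! $source_post instanceof WP_Post ) {
        // Unknown post, private post the user may not read, or no such ID.
        return null;
    }

    // Target side: refuse to insert a post type that is not registered here.
    // wp_insert_post() does not reject an unregistered post_type by itself,
    // which is the "silent failure" the PR describes.
    $result = null;
    switch_to_blog( $target_blog_id );
    try {
        if ( ! post_type_exists( $source_post->post_type ) ) {
            return null; // finally still runs and restores the blog
        }
        $result = wp_insert_post(
            array(
                'post_title'   => $source_post->post_title,
                'post_content' => $source_post->post_content,
                'post_excerpt' => $source_post->post_excerpt,
                'post_type'    => $source_post->post_type,
                'post_status'  => 'draft', // assumed: never publish on import
            ),
            true // return WP_Error instead of 0 on failure
        );
    } finally {
        restore_current_blog();
    }

    if ( is_wp_error( $result ) ) {
        return null;
    }
    return (int) $result;
}
```

The try/finally guarantees restore_current_blog() runs on every exit path, including the early return for an unregistered post type; leaving the blog switched is a common source of cross-site data leaks later in the same request. Because current_user_can( 'read_post', ... ) returns false for a non-existent post ID, the caller cannot distinguish "no such post" from "not allowed to read it", which matches the silent-skip behaviour in the PR's test plan.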


Development

Successfully merging this pull request may close these issues.

  • ContentImporter missing post_type_exists check on target blog
  • ContentImporter missing source post read permission check

1 participant