Making WordPress.org

Changeset 1534


Ignore:
Timestamp:
05/02/2015 12:51:04 AM (9 years ago)
Author:
iandunn
Message:

WordCamp JSON API: Allow post__in for unauthenticated sessions queries.

Normally post__in is not a valid query var for unauthenticated users, but if it's left out then the query for sessions returns all available posts, rather than the filtered list that was intended.

Fixes #1009

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/wcorg-json-api.php

    r1533 r1534  
    235235
    236236    if ( $session_ids ) {
     237        add_filter( 'json_query_vars', 'wcorg_json_allow_post_in' );
    237238        $sessions = $wp_json_posts->get_posts(
    238239            array(
     
    245246            'wcb_session'
    246247        );
     248        remove_filter( 'json_query_vars', 'wcorg_json_allow_post_in' );
    247249    }
    248250
    249251    return $sessions;
     252}
     253
     254/**
     255 * Allow the `post_in` query var in `WP_JSON_Posts::get_post()` queries, even if the user is unauthenticated.
     256 *
     257 * @param array $query_vars
     258 *
     259 * @return array
     260 */
     261function wcorg_json_allow_post_in( $query_vars ) {
     262    $query_vars[] = 'post__in';
     263
     264    return $query_vars;
    250265}
    251266
Note: See TracChangeset for help on using the changeset viewer.