Remove the ability to view the post listing screen and post editing screen for post types with show_ui set to false. It is unexpected and unintended behaviour that this is allowed.

If your plugin or site does rely on this behaviour, the arguments that are passed to `register_post_type()` should be altered so that `show_ui` is `true`, and arguments such as `show_in_menu`, `show_in_nav_menus`, and `show_in_admin_bar` are `false`. Fixes #33763 Props swissspidy, johnbillion git-svn-id: https://develop.svn.wordpress.org/trunk@34177 602fd350-edb4-49c9-b593-d223f7449a82
2015-09-15 10:26:22 +00:00 · 2015-09-15 10:26:22 +00:00 · a923d36085
commit a923d36085
parent 9b836740c3
3 changed files with 12 additions and 0 deletions
--- a/src/wp-admin/edit.php
+++ b/src/wp-admin/edit.php
@ -12,6 +12,10 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! $typenow )
 	wp_die( __( 'Invalid post type' ) );

+if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
+	wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
+}
+
 if ( 'attachment' === $typenow ) {
 	if ( wp_redirect( admin_url( 'upload.php' ) ) ) {
 		exit;
--- a/src/wp-admin/post.php
+++ b/src/wp-admin/post.php
@ -109,6 +109,10 @@ case 'edit':
 	if ( ! $post_type_object )
 		wp_die( __( 'Unknown post type.' ) );

+	if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
+		wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
+	}
+
 	if ( ! current_user_can( 'edit_post', $post_id ) )
 		wp_die( __( 'You are not allowed to edit this item.' ) );

--- a/src/wp-includes/link-template.php
+++ b/src/wp-includes/link-template.php
@ -1228,6 +1228,10 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
 	if ( !current_user_can( 'edit_post', $post->ID ) )
 		return;

+	if ( ! in_array( $post->post_type, get_post_types( array( 'show_ui' => true ) ) ) ) {
+		return;
+	}
+
 	/**
 	 * Filter the post edit link.
 	 *