In `get_permalink()`, don't resolve to pretty permalink if post has 'future' status.

We already do this for other non-public statuses, to prevent leaking non-public information about unpublished posts. Props e.mazovetskiy, CalEvans. Fixes #30910. git-svn-id: https://develop.svn.wordpress.org/trunk@31114 602fd350-edb4-49c9-b593-d223f7449a82
2015-01-09 16:39:56 +00:00 · 2015-01-09 16:39:56 +00:00 · d5c9eb41d7
parent 68191cc15c
commit d5c9eb41d7
3 changed files with 45 additions and 4 deletions
--- a/src/wp-includes/link-template.php
+++ b/src/wp-includes/link-template.php
@ -157,7 +157,7 @@ function get_permalink( $id = 0, $leavename = false ) {
 	 */
 	$permalink = apply_filters( 'pre_post_link', $permalink, $post, $leavename );

-	if ( '' != $permalink && !in_array($post->post_status, array('draft', 'pending', 'auto-draft')) ) {
+	if ( '' != $permalink && !in_array( $post->post_status, array( 'draft', 'pending', 'auto-draft', 'future' ) ) ) {
 		$unixtime = strtotime($post->post_date);

 		$category = '';
@ -253,7 +253,7 @@ function get_post_permalink( $id = 0, $leavename = false, $sample = false ) {

 	$slug = $post->post_name;

-	$draft_or_pending = isset($post->post_status) && in_array( $post->post_status, array( 'draft', 'pending', 'auto-draft' ) );
+	$draft_or_pending = isset( $post->post_status ) && in_array( $post->post_status, array( 'draft', 'pending', 'auto-draft', 'future' ) );

 	$post_type = get_post_type_object($post->post_type);

--- a/tests/phpunit/tests/link.php
+++ b/tests/phpunit/tests/link.php
@ -286,4 +286,46 @@ class Tests_Link extends WP_UnitTestCase {
 		$relative_link = wp_make_link_relative( $link );
 		$this->assertEquals( '/this-is-a-test/?redirect=https://example.org/a-different-test-post/', $relative_link );
 	}
+
+	/**
+	 * @ticket 30910
+	 */
+	public function test_get_permalink_should_not_reveal_post_name_for_post_with_post_status_future() {
+		update_option( 'permalink_structure','/%year%/%monthnum%/%day%/%postname%/' );
+
+		flush_rewrite_rules();
+
+		$p = $this->factory->post->create( array(
+			'post_status' => 'publish',
+			'post_date'   => strftime( '%Y-%m-%d %H:%M:%S', strtotime( '+1 day' ) )
+		) );
+
+		$non_pretty_permalink = add_query_arg( 'p', $p, trailingslashit( home_url() ) );
+
+		$this->assertEquals( $non_pretty_permalink, get_permalink( $p ) );
+	}
+
+	/**
+	 * @ticket 30910
+	 */
+	public function test_get_permalink_should_not_reveal_post_name_for_cpt_with_post_status_future() {
+		update_option( 'permalink_structure','/%year%/%monthnum%/%day%/%postname%/' );
+
+		register_post_type( 'wptests_pt', array( 'public' => true ) );
+
+		flush_rewrite_rules();
+
+		$p = $this->factory->post->create( array(
+			'post_status' => 'future',
+			'post_type'   => 'wptests_pt',
+			'post_date'   => strftime( '%Y-%m-%d %H:%M:%S', strtotime( '+1 day' ) )
+		) );
+
+		$non_pretty_permalink = add_query_arg( array(
+			'post_type' => 'wptests_pt',
+			'p' => $p,
+		), trailingslashit( home_url() ) );
+
+		$this->assertEquals( $non_pretty_permalink, get_permalink( $p ) );
+	}
 }
--- a/tests/phpunit/tests/query/postStatus.php
+++ b/tests/phpunit/tests/query/postStatus.php
@ -195,8 +195,7 @@ class Tests_Query_PostStatus extends WP_UnitTestCase {
 		$q = new WP_Query( array(
 			'posts_per_page' => -1,
 		) );
-global $wpdb;
-//print_r( $wpdb->get_results( "SELECT * FROM $wpdb->posts" ) );
+
 		$this->assertContains( self::$author_privatefoo_post, wp_list_pluck( $q->posts, 'ID' ) );
 		$this->assertContains( self::$editor_privatefoo_post, wp_list_pluck( $q->posts, 'ID' ) );
 	}