Hack: Making private Wordpress entries private (for Wordpress v. 2.3.x)
Wednesday, January 30th, 2008Private entries in Wordpress are private in the same sense that an unlisted telephone number is private. If someone else knows, or can guess, the URL, then they can view the entry.
Below, between the dashed-line comments, is a conditional snippet (for wp-includes/query.php) that will prevent private entries from being visible to the general public.
function &get_posts() {
[...]
} elseif ( !$this->is_singular ) {
$where .= " AND (post_status = 'publish'";
if ( is_admin() )
$where .= " OR post_status = 'future' OR post_status = 'draft' OR post_status = 'pending'";
if ( is_user_logged_in() ) {
$where .= current_user_can( "read_private_{$post_type}s" ) ? " OR post_status = 'private'" : " OR post_author = $user_ID AND post_status = 'private'";
}
$where .= ')';
}
//---------------------------
if ($user_ID < 1) {
$where .= " AND post_status != 'private'";
}
//---------------------------
// Apply filters on where and join prior to paging so that any
// manipulations to them are reflected in the paging by day queries.
$where = apply_filters('posts_where', $where);
$join = apply_filters('posts_join', $join);
[...]