search

WordPress / gutenberg

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.
https://wordpress.org/gutenberg/
Other
10.46k stars 4.18k forks source link

Author blocks display author information for CPT that does not support authors #65816

Open groenroos opened 2 weeks ago

groenroos commented 2 weeks ago

Description

The various author information blocks will display the author information even when the post belongs to a Custom Post Type that does not declare author support. Because WP will still save an author into the database, this essentially leaks information that's not intended to be visible.

Sent here from https://core.trac.wordpress.org/ticket/62152

Step-by-step reproduction instructions

  1. Create a custom post type and specify that it does not support author
  2. Create a new post of that post type
  3. View that post on the front end
  4. The author is shown on the page, even though the post type does not support author

Screenshots, screen recording, code snippet

Screenshot (Twenty Twenty-Four)

Screenshot 2024-10-02 at 09 45 17

CPT declaration

add_action( 'init', function() {
    register_post_type( 'custom-post', array(
        'public' => true,
        'supports' => array(
            0 => 'title',
            1 => 'editor',
            2 => 'custom-fields',
            /* No support for 'author' declared */
        ),
        'delete_with_user' => false,
    ) );
} );

Environment info

Please confirm that you have searched existing issues in the repo.

Please confirm that you have tested with all plugins deactivated except Gutenberg.

dhruvang21 commented 2 weeks ago

Hello @carolinan,

i suggest the below diff as the solution for this issue:- 

diff --git a/packages/block-library/src/post-author-name/index.php b/packages/block-library/src/post-author-name/index.php
index effc83962a..367ba2da28 100644
--- a/packages/block-library/src/post-author-name/index.php
+++ b/packages/block-library/src/post-author-name/index.php
@@ -26,6 +26,10 @@ function render_block_core_post_author_name( $attributes, $content, $block ) {
                return '';
        }

+       if ( ! post_type_supports( get_post_type( $block->context['postId'] ), 'author' ) ) {
+               return '';
+       }
+
        $author_name = get_the_author_meta( 'display_name', $author_id );
        if ( isset( $attributes['isLink'] ) && $attributes['isLink'] ) {
                $author_name = sprintf( '<a href="%1$s" target="%2$s" class="wp-block-post-author-name__link">%3$s</a>', get_author_posts_url( $author_id ), esc_attr( $attributes['linkTarget'] ), $author_name );
diff --git a/packages/block-library/src/post-author/index.php b/packages/block-library/src/post-author/index.php
index faf894d997..ae902e8a02 100644
--- a/packages/block-library/src/post-author/index.php
+++ b/packages/block-library/src/post-author/index.php
@@ -26,6 +26,10 @@ function render_block_core_post_author( $attributes, $content, $block ) {
                return '';
        }

+       if ( ! post_type_supports( get_post_type( $block->context['postId'] ), 'author' ) ) {
+               return '';
+       }
+
        $avatar = ! empty( $attributes['avatarSize'] ) ? get_avatar(
                $author_id,
                $attributes['avatarSize']

I still believe this is not the complete solution, as we need to inform users that the block will not render if the CPT (Custom Post Type) does not support the author feature. After applying the above patch, the result can be seen in the attached screenshot.

Image

Let me know your thoughts!

dhruvang21 commented 2 weeks ago

To remove the " - by" text, I believe we also need to add the same condition in the hidden-post-meta.php in the theme file. However, since there aren’t any PHP conditions used in the files inside the patterns folder, I’m unsure if that would be the appropriate solution.