The version 2.3.1 security update appears to require custom post types to have public=true in order to be favorited. While I understand the rationale behind this, there are certain narrow circumstances in which it's appropriate for a custom post type to have public=false, but publicly_queryable=true; this is the scenario I'm running into with one of my projects.
Would there by any negative security implications to modifying the plugin to require publicly_queryable=true rather than public=true for posts to be favoritable? (I believe this is enforced in PostTypeRepository.php)
Hi.
The version 2.3.1 security update appears to require custom post types to have public=true in order to be favorited. While I understand the rationale behind this, there are certain narrow circumstances in which it's appropriate for a custom post type to have public=false, but publicly_queryable=true; this is the scenario I'm running into with one of my projects.
Would there by any negative security implications to modifying the plugin to require publicly_queryable=true rather than public=true for posts to be favoritable? (I believe this is enforced in PostTypeRepository.php)
Thanks,