kylephillips / favorites

Simple and flexible favorite buttons for any WordPress post type.
https://favoriteposts.com
224 stars 85 forks source link

Version 2.3.1 security update prevents some public post types from being favorited #126

Open DavidJProkopetz opened 5 years ago

DavidJProkopetz commented 5 years ago

Hi.

The version 2.3.1 security update appears to require custom post types to have public=true in order to be favorited. While I understand the rationale behind this, there are certain narrow circumstances in which it's appropriate for a custom post type to have public=false, but publicly_queryable=true; this is the scenario I'm running into with one of my projects.

Would there by any negative security implications to modifying the plugin to require publicly_queryable=true rather than public=true for posts to be favoritable? (I believe this is enforced in PostTypeRepository.php)

Thanks,