From 541dbb2711fa74e990d1d98d082cd608aae4c4de Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Tue, 15 Sep 2015 10:27:29 +0000
Subject: [PATCH] Remove the ability to view the post listing screen and post
 editing screen for post types with `show_ui` set to `false`. It is unexpected
 and unintended behaviour that this is allowed.

If your plugin or site does rely on this behaviour, the arguments that are passed to `register_post_type()` should be altered so that `show_ui` is `true`, and arguments such as `show_in_menu`, `show_in_nav_menus`, and `show_in_admin_bar` are `false`.

Fixes #33763
Props swissspidy, johnbillion

Built from https://develop.svn.wordpress.org/trunk@34177


git-svn-id: http://core.svn.wordpress.org/trunk@34145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/edit.php             | 4 ++++
 wp-admin/post.php             | 4 ++++
 wp-includes/link-template.php | 4 ++++
 wp-includes/version.php       | 2 +-
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 782b61dc42..b24684691d 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -12,6 +12,10 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! $typenow )
 	wp_die( __( 'Invalid post type' ) );
 
+if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
+	wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
+}
+
 if ( 'attachment' === $typenow ) {
 	if ( wp_redirect( admin_url( 'upload.php' ) ) ) {
 		exit;
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 2fcef19ba2..ba43eb1c2b 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -109,6 +109,10 @@ case 'edit':
 	if ( ! $post_type_object )
 		wp_die( __( 'Unknown post type.' ) );
 
+	if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
+		wp_die( __( 'You are not allowed to edit posts in this post type.' ) );
+	}
+
 	if ( ! current_user_can( 'edit_post', $post_id ) )
 		wp_die( __( 'You are not allowed to edit this item.' ) );
 
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index ce041a05b5..fcaa834886 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -1228,6 +1228,10 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
 	if ( !current_user_can( 'edit_post', $post->ID ) )
 		return;
 
+	if ( ! in_array( $post->post_type, get_post_types( array( 'show_ui' => true ) ) ) ) {
+		return;
+	}
+
 	/**
 	 * Filter the post edit link.
 	 *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 2c00565d05..ee02408f74 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34176';
+$wp_version = '4.4-alpha-34177';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.