@toolstack
Contributor

Search uses tokens for authentication, so check to see if we have a current token in addition to a logged-in user.

Clean up the parameter passing to $this->get_posts() as well, as otherwise some values can be set to null, which breaks wp_getposts() in some circumstances.

@akirk
Owner

akirk commented Jan 10, 2024

> Search uses tokens for authentication so check to see if we have a current token in addition to a logged in user.

To be honest, it's been a while since I touched this part of the code but when the user has a token they should be logged in, no?

@toolstack
Contributor Author

> To be honest, it's been a while since I touched this part of the code but when the user has a token they should be logged in, no?

I think so now, but when I wrote this I was still getting used to the codebase and this was the solution I came up with. Let me double check it and swap over to the logged in user call if it works.

@toolstack
Contributor Author

Ok, I double checked it and no, during a token auth session the wp user is not set:

```php
public function have_token_permission( $request ) {
	$this->allow_cors();
	$token = $this->oauth->get_token();
	if ( ! $token ) {
		return is_user_logged_in();
	}
	OAuth2\AccessTokenStorage::was_used( $token['access_token'] );
	$this->app = Mastodon_App::get_by_client_id( $token['client_id'] );
	$this->app->was_used( $request );
	return true;
}
```

I think it should be though, so I'll change the PR to add that code just above the was_used() call like it is in the logged in session.

@toolstack
Contributor Author

In fact, looking a little deeper, have_token_permission() is only used for search, not anywhere else and adding the login code makes it identical to logged_in_permission(), so I think we should simply remove have_token_permission() and switch search over to logged_in_permission().

And remove the token permission as it is no longer used.
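
The gap discussed in this thread, as an added example that is not the plugin's code: a permission callback that accepts a token but never binds the request to the token's user leaves the current user unset for whatever runs next. The stub functions, both callback names, `query_runs_as()` and the `user_id` token field are assumptions made so the file runs outside WordPress.

```php
<?php
// Added example: stand-ins for WordPress user state so the file runs alone.
// A plugin would call wp_set_current_user() / get_current_user_id() instead.
$current_user_id = 0; // 0 means "no user", as in WordPress

function set_user_stub( int $id ): void {
	$GLOBALS['current_user_id'] = $id;
}

function user_id_stub(): int {
	return $GLOBALS['current_user_id'];
}

// Constructed sample token; the 'user_id' field is an assumption.
$sample_token = array(
	'access_token' => 'constructed-token',
	'client_id'    => 'constructed-client',
	'user_id'      => 7,
);

// Shape of the callback quoted in the thread: the token authorizes the
// request, but nothing binds the request to the token's user.
function token_only_permission( ?array $token ): bool {
	if ( ! $token ) {
		return user_id_stub() > 0;
	}
	return true;
}

// Bound variant: a token that names no user is rejected, and the user is
// set before any handler runs.
function token_bound_permission( ?array $token ): bool {
	if ( ! $token ) {
		return user_id_stub() > 0;
	}
	if ( empty( $token['user_id'] ) ) {
		return false;
	}
	set_user_stub( (int) $token['user_id'] );
	return true;
}

// Handler stand-in: reports whose permissions a user-scoped query would use.
function query_runs_as(): string {
	return user_id_stub() > 0 ? 'user ' . user_id_stub() : 'no user';
}

var_dump( token_only_permission( $sample_token ), query_runs_as() );
var_dump( token_bound_permission( $sample_token ), query_runs_as() );
```

Both callbacks allow the request; only the bound variant leaves a current user in place for the handler.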