REST API: Only expose formats supported by the current theme.

While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema. Props danielbachhuber. Fixes #38610. git-svn-id: https://develop.svn.wordpress.org/trunk@39084 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-02 03:36:40 +00:00 · 2016-11-02 03:36:40 +00:00 · 011e0b99a1
commit 011e0b99a1
parent c91b3de690
2 changed files with 51 additions and 1 deletions
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@ -1923,10 +1923,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 					break;

 				case 'post-formats':
+					$supports_formats = get_theme_support( 'post-formats' );
 					$schema['properties']['format'] = array(
 						'description' => __( 'The format for the object.' ),
 						'type'        => 'string',
-						'enum'        => array_values( get_post_format_slugs() ),
+						'enum'        => $supports_formats ? array_values( $supports_formats[0] ) : array(),
 						'context'     => array( 'view', 'edit' ),
 					);
 					break;
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@ -16,6 +16,8 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 	protected static $author_id;
 	protected static $contributor_id;

+	protected static $supported_formats;
+
 	public static function wpSetUpBeforeClass( $factory ) {
 		self::$post_id = $factory->post->create();

@ -28,9 +30,20 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		self::$contributor_id = $factory->user->create( array(
 			'role' => 'contributor',
 		) );
+
+		// Only support 'post' and 'gallery'
+		self::$supported_formats = get_theme_support( 'post-formats' );
+		add_theme_support( 'post-formats', array( 'post', 'gallery' ) );
 	}

 	public static function wpTearDownAfterClass() {
+		// Restore theme support for formats.
+		if ( self::$supported_formats ) {
+			add_theme_support( 'post-formats', self::$supported_formats );
+		} else {
+			remove_theme_support( 'post-formats' );
+		}
+
 		wp_delete_post( self::$post_id, true );

 		self::delete_user( self::$editor_id );
@ -1078,6 +1091,24 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 	}

+	/**
+	 * Test with a valid format, but one unsupported by the theme.
+	 *
+	 * https://core.trac.wordpress.org/ticket/38610
+	 */
+	public function test_create_post_with_unsupported_format() {
+		wp_set_current_user( self::$editor_id );
+
+		$request = new WP_REST_Request( 'POST', '/wp/v2/posts' );
+		$params = $this->set_post_data( array(
+			'format' => 'link',
+		) );
+		$request->set_body_params( $params );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+	}
+
 	public function test_create_update_post_with_featured_media() {

 		$file = DIR_TESTDATA . '/images/canola.jpg';
@ -1497,6 +1528,24 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 	}

+	/**
+	 * Test with a valid format, but one unsupported by the theme.
+	 *
+	 * https://core.trac.wordpress.org/ticket/38610
+	 */
+	public function test_update_post_with_unsupported_format() {
+		wp_set_current_user( self::$editor_id );
+
+		$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
+		$params = $this->set_post_data( array(
+			'format' => 'link',
+		) );
+		$request->set_body_params( $params );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+	}
+
 	public function test_update_post_ignore_readonly() {
 		wp_set_current_user( self::$editor_id );