REST API: Return an error if the page number is out of bounds.

Return an error from the REST API if a page number larger than the total pages count is requested. Props morganestes. Fixes #39061. git-svn-id: https://develop.svn.wordpress.org/trunk@39967 602fd350-edb4-49c9-b593-d223f7449a82
2017-01-26 13:52:06 +00:00 · 2017-01-26 13:52:06 +00:00 · 38b400c4d7
parent a96089e8e6
commit 38b400c4d7
2 changed files with 16 additions and 0 deletions
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@ -327,6 +327,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 		}

 		$max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] );
+
+		if ( $page > $max_pages && $total_posts > 0 ) {
+			return new WP_Error( 'rest_post_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) );
+		}
+
 		$response  = rest_ensure_response( $posts );

 		$response->header( 'X-WP-Total', (int) $total_posts );
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@ -827,6 +827,17 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 	}

+	/**
+	 * @ticket 39061
+	 */
+	public function test_get_items_invalid_max_pages() {
+		// Out of bounds
+		$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+		$request->set_param( 'page', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
+		$response = $this->server->dispatch( $request );
+		$this->assertErrorResponse( 'rest_post_invalid_page_number', $response, 400 );
+	}
+
 	public function test_get_items_invalid_context() {
 		$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
 		$request->set_param( 'context', 'banana' );