diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 05489359da..5aa7c78b72 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1288,7 +1288,9 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { // Can we read the parent if we're inheriting? if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) { $parent = get_post( $post->post_parent ); - return $this->check_read_permission( $parent ); + if ( $parent ) { + return $this->check_read_permission( $parent ); + } } /* diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index a7147f250a..98a079b65b 100644 --- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php @@ -480,6 +480,31 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $this->assertEquals( 403, $response->get_status() ); } + public function test_get_item_inherit_status_with_invalid_parent() { + $attachment_id = $this->factory->attachment->create_object( $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + ) ); + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + + $this->assertEquals( 200, $response->get_status() ); + $this->assertEquals( $attachment_id, $data['id'] ); + } + + public function test_get_item_auto_status_with_invalid_parent_returns_error() { + $attachment_id = $this->factory->attachment->create_object( $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + 'post_status' => 'auto-draft', + ) ); + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) ); + $response = $this->server->dispatch( $request ); + + $this->assertErrorResponse( 'rest_forbidden', $response, 403 ); + } + public function test_create_item() { wp_set_current_user( self::$author_id );