REST API: Validate posts status enum

Currently we are using a different validate callback, so the `enum` is not interpreted. We just have to fall back to the result of `rest_validate_request_arg` in our custom wrapper function.

Fixes #38417.


git-svn-id: https://develop.svn.wordpress.org/trunk@38911 602fd350-edb4-49c9-b593-d223f7449a82
Joe Hoyle 2016-10-25 17:12:18 +00:00
parent 57aec4798f
commit 6d8e277152
2 changed files with 10 additions and 2 deletions


@ -1947,11 +1947,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
*/ */
public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
if ( 'publish' === $value ) { if ( 'publish' === $value ) {
return true; return rest_validate_request_arg( $value, $request, $parameter );
} }
$post_type_obj = get_post_type_object( $this->post_type ); $post_type_obj = get_post_type_object( $this->post_type );
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
return true; return rest_validate_request_arg( $value, $request, $parameter );
} }
return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
} }
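Review bot: In `validate_user_can_query_private_statuses` the schema check is reached only on the two success paths, so a caller without `edit_posts` still gets `rest_forbidden_status` for any non-`publish` value and the `enum` is never consulted for that caller. Running the validation once at the top keeps the rule in one place and rejects malformed input before any capability lookup: `$valid = rest_validate_request_arg( $value, $request, $parameter ); if ( is_wp_error( $valid ) ) { return $valid; }`, after which both success returns can stay `return true;`. The accompanying test sets user 0 with status `invalid`, which appears to exercise the forbidden branch rather than the new enum path; if the request layer wraps any validate-callback error as `rest_invalid_param`, that test would pass without this change, so a case run as a user who can edit posts would pin the fix. The method's docblock begins above the hunk.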


@ -240,6 +240,14 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertEquals( 1, count( $response->get_data() ) ); $this->assertEquals( 1, count( $response->get_data() ) );
} }
public function test_get_items_invalid_status_query() {
wp_set_current_user( 0 );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
$request->set_param( 'status', 'invalid' );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
}
public function test_get_items_status_without_permissions() { public function test_get_items_status_without_permissions() {
$draft_id = $this->factory->post->create( array( $draft_id = $this->factory->post->create( array(
'post_status' => 'draft', 'post_status' => 'draft',