REST API: Validate posts status enum
Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function. Fixes #38417. git-svn-id: https://develop.svn.wordpress.org/trunk@38911 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
57aec4798f
commit
6d8e277152
@ -1947,11 +1947,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
|||||||
*/
|
*/
|
||||||
public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
|
public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
|
||||||
if ( 'publish' === $value ) {
|
if ( 'publish' === $value ) {
|
||||||
return true;
|
return rest_validate_request_arg( $value, $request, $parameter );
|
||||||
}
|
}
|
||||||
$post_type_obj = get_post_type_object( $this->post_type );
|
$post_type_obj = get_post_type_object( $this->post_type );
|
||||||
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
|
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
|
||||||
return true;
|
return rest_validate_request_arg( $value, $request, $parameter );
|
||||||
}
|
}
|
||||||
return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
@ -240,6 +240,14 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
|||||||
$this->assertEquals( 1, count( $response->get_data() ) );
|
$this->assertEquals( 1, count( $response->get_data() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_get_items_invalid_status_query() {
|
||||||
|
wp_set_current_user( 0 );
|
||||||
|
$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
|
||||||
|
$request->set_param( 'status', 'invalid' );
|
||||||
|
$response = $this->server->dispatch( $request );
|
||||||
|
$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
|
||||||
|
}
|
||||||
|
|
||||||
public function test_get_items_status_without_permissions() {
|
public function test_get_items_status_without_permissions() {
|
||||||
$draft_id = $this->factory->post->create( array(
|
$draft_id = $this->factory->post->create( array(
|
||||||
'post_status' => 'draft',
|
'post_status' => 'draft',
|
||||||
|
Loading…
Reference in New Issue
Block a user