diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 472115e121..bff977e40c 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1781,6 +1781,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { $rels[] = 'https://api.w.org/action-publish'; } + if ( current_user_can( 'unfiltered_html' ) ) { + $rels[] = 'https://api.w.org/action-unfiltered-html'; + } + if ( 'post' === $post_type->name ) { if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) { $rels[] = 'https://api.w.org/action-sticky'; @@ -2190,6 +2194,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { ); } + $links[] = array( + 'rel' => 'https://api.w.org/action-unfiltered-html', + 'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ), + 'href' => $href, + 'targetSchema' => array( + 'type' => 'object', + 'properties' => array( + 'content' => array( + 'raw' => array( + 'type' => 'string', + ), + ), + ), + ), + ); + if ( 'post' === $this->post_type ) { $links[] = array( 'rel' => 'https://api.w.org/action-sticky', diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index 0de10c9651..ded82940ee 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -3992,6 +3992,42 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links ); } + public function test_assign_unfiltered_html_action_superadmin() { + $post_id = self::factory()->post->create(); + wp_set_current_user( self::$superadmin_id ); + $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id ); + $request->set_param( 'context', 'edit' ); + $response = rest_do_request( $request ); + $links = $response->get_links(); + $this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links ); + } + + public function test_assign_unfiltered_html_action_editor() { + $post_id = self::factory()->post->create(); + wp_set_current_user( self::$editor_id ); + $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id ); + $request->set_param( 'context', 'edit' ); + $response = rest_do_request( $request ); + $links = $response->get_links(); + // Editors can only unfiltered html on single site. + if ( is_multisite() ) { + $this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links ); + } else { + $this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links ); + } + } + + public function test_assign_unfiltered_html_action_author() { + $post_id = self::factory()->post->create(); + wp_set_current_user( self::$author_id ); + $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id ); + $request->set_param( 'context', 'edit' ); + $response = rest_do_request( $request ); + $links = $response->get_links(); + // Authors can't ever unfiltered html + $this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links ); + } + public function tearDown() { _unregister_post_type( 'youseeeme' ); if ( isset( $this->attachment_id ) ) {