REST API: Capability check for editing a single term should use the singular form.

As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.



git-svn-id: https://develop.svn.wordpress.org/trunk@39464 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/capabilities.php

@@ -427,7 +427,7 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'edit_term':
 	case 'delete_term':
 	case 'assign_term':
-		$term_id = $args[0];
+		$term_id = (int) $args[0];
 		$term = get_term( $term_id );
 		if ( ! $term || is_wp_error( $term ) ) {
 			$caps[] = 'do_not_allow';

src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php

@@ -288,7 +288,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 	}
 
 	/**
-	 * Checks if a request has access to read the specified term.
+	 * Checks if a request has access to read or edit the specified term.
 	 *
 	 * @since 4.7.0
 	 * @access public
@@ -301,8 +301,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 		if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
 			return false;
 		}
-		if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
-			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
+		if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) {
+			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 		return true;
 	}