From c4360e54b20b0807a6e5def40520a44e453e8d21 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Sat, 3 Dec 2016 05:07:03 +0000
Subject: [PATCH] REST API: Capability check for editing a single term should
 use the singular form.

As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.



git-svn-id: https://develop.svn.wordpress.org/trunk@39464 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/capabilities.php                            | 2 +-
 .../rest-api/endpoints/class-wp-rest-terms-controller.php   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
index b5bb5b3567..c1e644a85f 100644
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -427,7 +427,7 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'edit_term':
 	case 'delete_term':
 	case 'assign_term':
-		$term_id = $args[0];
+		$term_id = (int) $args[0];
 		$term = get_term( $term_id );
 		if ( ! $term || is_wp_error( $term ) ) {
 			$caps[] = 'do_not_allow';
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
index 130fe3d024..6ca86ca155 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -288,7 +288,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 	}
 
 	/**
-	 * Checks if a request has access to read the specified term.
+	 * Checks if a request has access to read or edit the specified term.
 	 *
 	 * @since 4.7.0
 	 * @access public
@@ -301,8 +301,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 		if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
 			return false;
 		}
-		if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
-			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
+		if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) {
+			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 		return true;
 	}