From e8a311ed02ff84978988696b3a7c16bb3d2c3dac Mon Sep 17 00:00:00 2001 From: Joe Hoyle Date: Tue, 25 Oct 2016 17:13:28 +0000 Subject: [PATCH] REST API: Validate posts status enum Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function. Fixes #38417. Built from https://develop.svn.wordpress.org/trunk@38911 git-svn-id: http://core.svn.wordpress.org/trunk@38854 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- .../rest-api/endpoints/class-wp-rest-posts-controller.php | 4 ++-- wp-includes/version.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 9d7f85a8a7..6812c13dd6 100644 --- a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1947,11 +1947,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { */ public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { if ( 'publish' === $value ) { - return true; + return rest_validate_request_arg( $value, $request, $parameter ); } $post_type_obj = get_post_type_object( $this->post_type ); if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { - return true; + return rest_validate_request_arg( $value, $request, $parameter ); } return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index 649d033976..43fec1bf22 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.7-alpha-38910'; +$wp_version = '4.7-alpha-38911'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.