Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c840eb9da2 |
@@ -44,10 +44,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
</h2>
|
||||
|
||||
<div class="changelog point-releases">
|
||||
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
|
||||
<p><?php printf( __( '<strong>Version %s</strong> addressed some security issues.' ), '4.7.2' ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.7.2' ); ?>
|
||||
</p>
|
||||
<h3><?php _e( 'Maintenance and Security Release' ); ?></h3>
|
||||
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
|
||||
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 62 ), '4.7.1', number_format_i18n( 62 ) ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_4.7.1' ); ?>
|
||||
|
||||
@@ -955,7 +955,7 @@ class WP_Posts_List_Table extends WP_List_Table {
|
||||
echo "</strong>\n";
|
||||
|
||||
if ( ! is_post_type_hierarchical( $this->screen->post_type ) && 'excerpt' === $mode && current_user_can( 'read_post', $post->ID ) ) {
|
||||
echo esc_html( get_the_excerpt() );
|
||||
the_excerpt();
|
||||
}
|
||||
|
||||
get_inline_data( $post );
|
||||
|
||||
@@ -119,28 +119,10 @@ class WP_Press_This {
|
||||
'post_type' => 'post',
|
||||
'post_status' => 'draft',
|
||||
'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
|
||||
'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
|
||||
'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
|
||||
);
|
||||
|
||||
// Only accept categories if the user actually can assign
|
||||
$category_tax = get_taxonomy( 'category' );
|
||||
if ( current_user_can( $category_tax->cap->assign_terms ) ) {
|
||||
$post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
|
||||
}
|
||||
|
||||
// Only accept taxonomies if the user can actually assign
|
||||
if ( ! empty( $_POST['tax_input'] ) ) {
|
||||
$tax_input = $_POST['tax_input'];
|
||||
foreach ( $tax_input as $tax => $_ti ) {
|
||||
$tax_object = get_taxonomy( $tax );
|
||||
if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
|
||||
unset( $tax_input[ $tax ] );
|
||||
}
|
||||
}
|
||||
|
||||
$post_data['tax_input'] = $tax_input;
|
||||
}
|
||||
|
||||
// Toggle status to pending if user cannot actually publish
|
||||
if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
|
||||
if ( current_user_can( 'publish_posts' ) ) {
|
||||
$post_data['post_status'] = 'publish';
|
||||
@@ -471,7 +453,7 @@ class WP_Press_This {
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param string $src Embed source URL.
|
||||
* @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
|
||||
* @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
|
||||
*/
|
||||
private function _limit_embed( $src ) {
|
||||
$src = $this->_limit_url( $src );
|
||||
@@ -871,12 +853,6 @@ class WP_Press_This {
|
||||
public function categories_html( $post ) {
|
||||
$taxonomy = get_taxonomy( 'category' );
|
||||
|
||||
// Bail if user cannot assign terms
|
||||
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Only show "add" if user can edit terms
|
||||
if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
|
||||
?>
|
||||
<button type="button" class="add-cat-toggle button-link" aria-expanded="false">
|
||||
@@ -1296,12 +1272,6 @@ class WP_Press_This {
|
||||
wp_enqueue_script( 'json2' );
|
||||
wp_enqueue_script( 'editor' );
|
||||
|
||||
$categories_tax = get_taxonomy( 'category' );
|
||||
$show_categories = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
|
||||
|
||||
$tag_tax = get_taxonomy( 'post_tag' );
|
||||
$show_tags = current_user_can( $tag_tax->cap->assign_terms );
|
||||
|
||||
$supports_formats = false;
|
||||
$post_format = 0;
|
||||
|
||||
@@ -1453,21 +1423,17 @@ class WP_Press_This {
|
||||
</button>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( $show_categories ) : ?>
|
||||
<button type="button" class="button-link post-option">
|
||||
<span class="dashicons dashicons-category"></span>
|
||||
<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
|
||||
<span class="dashicons post-option-forward"></span>
|
||||
</button>
|
||||
<?php endif; ?>
|
||||
<button type="button" class="button-link post-option">
|
||||
<span class="dashicons dashicons-category"></span>
|
||||
<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
|
||||
<span class="dashicons post-option-forward"></span>
|
||||
</button>
|
||||
|
||||
<?php if ( $show_tags ) : ?>
|
||||
<button type="button" class="button-link post-option">
|
||||
<span class="dashicons dashicons-tag"></span>
|
||||
<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
|
||||
<span class="dashicons post-option-forward"></span>
|
||||
</button>
|
||||
<?php endif; ?>
|
||||
<button type="button" class="button-link post-option">
|
||||
<span class="dashicons dashicons-tag"></span>
|
||||
<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
|
||||
<span class="dashicons post-option-forward"></span>
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<?php if ( $supports_formats ) : ?>
|
||||
@@ -1481,27 +1447,23 @@ class WP_Press_This {
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( $show_categories ) : ?>
|
||||
<div class="setting-modal is-off-screen is-hidden">
|
||||
<button type="button" class="button-link modal-close">
|
||||
<span class="dashicons post-option-back"></span>
|
||||
<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
|
||||
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
|
||||
</button>
|
||||
<?php $this->categories_html( $post ); ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<div class="setting-modal is-off-screen is-hidden">
|
||||
<button type="button" class="button-link modal-close">
|
||||
<span class="dashicons post-option-back"></span>
|
||||
<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
|
||||
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
|
||||
</button>
|
||||
<?php $this->categories_html( $post ); ?>
|
||||
</div>
|
||||
|
||||
<?php if ( $show_tags ) : ?>
|
||||
<div class="setting-modal tags is-off-screen is-hidden">
|
||||
<button type="button" class="button-link modal-close">
|
||||
<span class="dashicons post-option-back"></span>
|
||||
<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
|
||||
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
|
||||
</button>
|
||||
<?php $this->tags_html( $post ); ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<div class="setting-modal tags is-off-screen is-hidden">
|
||||
<button type="button" class="button-link modal-close">
|
||||
<span class="dashicons post-option-back"></span>
|
||||
<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
|
||||
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
|
||||
</button>
|
||||
<?php $this->tags_html( $post ); ?>
|
||||
</div>
|
||||
</div><!-- .options-panel -->
|
||||
</div><!-- .wrapper -->
|
||||
|
||||
|
||||
@@ -191,11 +191,12 @@ final class WP_Comment {
|
||||
public static function get_instance( $id ) {
|
||||
global $wpdb;
|
||||
|
||||
$comment_id = (int) $id;
|
||||
if ( ! $comment_id ) {
|
||||
if ( ! is_numeric( $id ) || $id != floor( $id ) || ! $id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$comment_id = (int) $id;
|
||||
|
||||
$_comment = wp_cache_get( $comment_id, 'comment' );
|
||||
|
||||
if ( ! $_comment ) {
|
||||
|
||||
@@ -210,11 +210,12 @@ final class WP_Post {
|
||||
public static function get_instance( $post_id ) {
|
||||
global $wpdb;
|
||||
|
||||
$post_id = (int) $post_id;
|
||||
if ( ! $post_id ) {
|
||||
if ( ! is_numeric( $post_id ) || $post_id != floor( $post_id ) || ! $post_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$post_id = (int) $post_id;
|
||||
|
||||
$_post = wp_cache_get( $post_id, 'posts' );
|
||||
|
||||
if ( ! $_post ) {
|
||||
|
||||
@@ -2255,12 +2255,12 @@ class WP_Query {
|
||||
if ( empty( $in_search_post_types ) ) {
|
||||
$where .= ' AND 1=0 ';
|
||||
} else {
|
||||
$where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
|
||||
$where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", $in_search_post_types ) . "')";
|
||||
}
|
||||
} elseif ( !empty( $post_type ) && is_array( $post_type ) ) {
|
||||
$where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", esc_sql( $post_type ) ) . "')";
|
||||
$where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", $post_type) . "')";
|
||||
} elseif ( ! empty( $post_type ) ) {
|
||||
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
|
||||
$where .= " AND {$wpdb->posts}.post_type = '$post_type'";
|
||||
$post_type_object = get_post_type_object ( $post_type );
|
||||
} elseif ( $this->is_attachment ) {
|
||||
$where .= " AND {$wpdb->posts}.post_type = 'attachment'";
|
||||
|
||||
@@ -125,11 +125,12 @@ final class WP_Term {
|
||||
public static function get_instance( $term_id, $taxonomy = null ) {
|
||||
global $wpdb;
|
||||
|
||||
$term_id = (int) $term_id;
|
||||
if ( ! $term_id ) {
|
||||
if ( ! is_numeric( $term_id ) || $term_id != floor( $term_id ) || ! $term_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$term_id = (int) $term_id;
|
||||
|
||||
$_term = wp_cache_get( $term_id, 'terms' );
|
||||
|
||||
// If there isn't a cached version, hit the database.
|
||||
|
||||
@@ -46,13 +46,6 @@ function register_rest_route( $namespace, $route, $args = array(), $override = f
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( isset( $args['args'] ) ) {
|
||||
$common_args = $args['args'];
|
||||
unset( $args['args'] );
|
||||
} else {
|
||||
$common_args = array();
|
||||
}
|
||||
|
||||
if ( isset( $args['callback'] ) ) {
|
||||
// Upgrade a single set to multiple.
|
||||
$args = array( $args );
|
||||
@@ -64,13 +57,12 @@ function register_rest_route( $namespace, $route, $args = array(), $override = f
|
||||
'args' => array(),
|
||||
);
|
||||
foreach ( $args as $key => &$arg_group ) {
|
||||
if ( ! is_numeric( $key ) ) {
|
||||
if ( ! is_numeric( $arg_group ) ) {
|
||||
// Route option, skip here.
|
||||
continue;
|
||||
}
|
||||
|
||||
$arg_group = array_merge( $defaults, $arg_group );
|
||||
$arg_group['args'] = array_merge( $common_args, $arg_group['args'] );
|
||||
}
|
||||
|
||||
$full_route = '/' . trim( $namespace, '/' ) . '/' . trim( $route, '/' );
|
||||
|
||||
@@ -63,12 +63,6 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
|
||||
'args' => array(
|
||||
'id' => array(
|
||||
'description' => __( 'Unique identifier for the object.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
@@ -305,36 +299,6 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the comment, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_comment( $id ) {
|
||||
$error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
|
||||
if ( (int) $id <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$id = (int) $id;
|
||||
$comment = get_comment( $id );
|
||||
if ( empty( $comment ) ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
if ( ! empty( $comment->comment_post_ID ) ) {
|
||||
$post = get_post( (int) $comment->comment_post_ID );
|
||||
if ( empty( $post ) ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
}
|
||||
|
||||
return $comment;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given request has access to read the comment.
|
||||
*
|
||||
@@ -345,9 +309,12 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|bool True if the request has read access for the item, error object otherwise.
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
$id = (int) $request['id'];
|
||||
|
||||
$comment = get_comment( $id );
|
||||
|
||||
if ( ! $comment ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
|
||||
@@ -377,9 +344,18 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
|
||||
*/
|
||||
public function get_item( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
$id = (int) $request['id'];
|
||||
|
||||
$comment = get_comment( $id );
|
||||
if ( empty( $comment ) ) {
|
||||
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $comment->comment_post_ID ) ) {
|
||||
$post = get_post( $comment->comment_post_ID );
|
||||
if ( empty( $post ) ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
}
|
||||
|
||||
$data = $this->prepare_item_for_response( $comment, $request );
|
||||
@@ -648,12 +624,12 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|bool True if the request has access to update the item, error object otherwise.
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
}
|
||||
|
||||
if ( ! $this->check_edit_permission( $comment ) ) {
|
||||
$id = (int) $request['id'];
|
||||
|
||||
$comment = get_comment( $id );
|
||||
|
||||
if ( $comment && ! $this->check_edit_permission( $comment ) ) {
|
||||
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -670,12 +646,13 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
|
||||
*/
|
||||
public function update_item( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
}
|
||||
$id = (int) $request['id'];
|
||||
|
||||
$id = $comment->comment_ID;
|
||||
$comment = get_comment( $id );
|
||||
|
||||
if ( empty( $comment ) ) {
|
||||
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) {
|
||||
return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) );
|
||||
@@ -767,9 +744,11 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|bool True if the request has access to delete the item, error object otherwise.
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
$id = (int) $request['id'];
|
||||
$comment = get_comment( $id );
|
||||
|
||||
if ( ! $comment ) {
|
||||
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( ! $this->check_edit_permission( $comment ) ) {
|
||||
@@ -788,13 +767,15 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
|
||||
*/
|
||||
public function delete_item( $request ) {
|
||||
$comment = $this->get_comment( $request['id'] );
|
||||
if ( is_wp_error( $comment ) ) {
|
||||
return $comment;
|
||||
}
|
||||
|
||||
$id = (int) $request['id'];
|
||||
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
|
||||
|
||||
$comment = get_comment( $id );
|
||||
|
||||
if ( empty( $comment ) ) {
|
||||
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters whether a comment can be trashed.
|
||||
*
|
||||
|
||||
@@ -48,12 +48,6 @@ class WP_REST_Post_Statuses_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<status>[\w-]+)', array(
|
||||
'args' => array(
|
||||
'status' => array(
|
||||
'description' => __( 'An alphanumeric identifier for the status.' ),
|
||||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
|
||||
@@ -48,12 +48,6 @@ class WP_REST_Post_Types_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<type>[\w-]+)', array(
|
||||
'args' => array(
|
||||
'type' => array(
|
||||
'description' => __( 'An alphanumeric identifier for the post type.' ),
|
||||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
|
||||
@@ -88,12 +88,6 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
);
|
||||
}
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
|
||||
'args' => array(
|
||||
'id' => array(
|
||||
'description' => __( 'Unique identifier for the object.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
@@ -355,28 +349,6 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the post, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_post( $id ) {
|
||||
$error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
if ( (int) $id <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$post = get_post( (int) $id );
|
||||
if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
return $post;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given request has access to read a post.
|
||||
*
|
||||
@@ -387,10 +359,8 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $post ) ) {
|
||||
return $post;
|
||||
}
|
||||
|
||||
$post = get_post( (int) $request['id'] );
|
||||
|
||||
if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) {
|
||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
@@ -458,16 +428,18 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function get_item( $request ) {
|
||||
$post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $post ) ) {
|
||||
return $post;
|
||||
$id = (int) $request['id'];
|
||||
$post = get_post( $id );
|
||||
|
||||
if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$data = $this->prepare_item_for_response( $post, $request );
|
||||
$response = rest_ensure_response( $data );
|
||||
|
||||
if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) {
|
||||
$response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) );
|
||||
$response->link_header( 'alternate', get_permalink( $id ), array( 'type' => 'text/html' ) );
|
||||
}
|
||||
|
||||
return $response;
|
||||
@@ -483,9 +455,6 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
|
||||
*/
|
||||
public function create_item_permissions_check( $request ) {
|
||||
if ( ! empty( $request['id'] ) ) {
|
||||
return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
|
||||
}
|
||||
|
||||
$post_type = get_post_type_object( $this->post_type );
|
||||
|
||||
@@ -622,11 +591,8 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $post ) ) {
|
||||
return $post;
|
||||
}
|
||||
|
||||
$post = get_post( $request['id'] );
|
||||
$post_type = get_post_type_object( $this->post_type );
|
||||
|
||||
if ( $post && ! $this->check_update_permission( $post ) ) {
|
||||
@@ -658,9 +624,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function update_item( $request ) {
|
||||
$valid_check = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $valid_check ) ) {
|
||||
return $valid_check;
|
||||
$id = (int) $request['id'];
|
||||
$post = get_post( $id );
|
||||
|
||||
if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$post = $this->prepare_item_for_database( $request );
|
||||
@@ -746,10 +714,8 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $post ) ) {
|
||||
return $post;
|
||||
}
|
||||
|
||||
$post = get_post( $request['id'] );
|
||||
|
||||
if ( $post && ! $this->check_delete_permission( $post ) ) {
|
||||
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
@@ -768,14 +734,15 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function delete_item( $request ) {
|
||||
$post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $post ) ) {
|
||||
return $post;
|
||||
}
|
||||
|
||||
$id = $post->ID;
|
||||
$id = (int) $request['id'];
|
||||
$force = (bool) $request['force'];
|
||||
|
||||
$post = get_post( $id );
|
||||
|
||||
if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$supports_trash = ( EMPTY_TRASH_DAYS > 0 );
|
||||
|
||||
if ( 'attachment' === $post->post_type ) {
|
||||
@@ -934,12 +901,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
|
||||
// Post ID.
|
||||
if ( isset( $request['id'] ) ) {
|
||||
$existing_post = $this->get_post( $request['id'] );
|
||||
if ( is_wp_error( $existing_post ) ) {
|
||||
return $existing_post;
|
||||
}
|
||||
|
||||
$prepared_post->ID = $existing_post->ID;
|
||||
$prepared_post->ID = absint( $request['id'] );
|
||||
}
|
||||
|
||||
$schema = $this->get_item_schema();
|
||||
|
||||
@@ -71,12 +71,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
public function register_routes() {
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array(
|
||||
'args' => array(
|
||||
'parent' => array(
|
||||
'description' => __( 'The ID for the parent of the object.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_items' ),
|
||||
@@ -87,16 +81,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array(
|
||||
'args' => array(
|
||||
'parent' => array(
|
||||
'description' => __( 'The ID for the parent of the object.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
'id' => array(
|
||||
'description' => __( 'Unique identifier for the object.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
@@ -122,28 +106,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the parent post, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_parent( $parent ) {
|
||||
$error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
|
||||
if ( (int) $parent <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$parent = get_post( (int) $parent );
|
||||
if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
return $parent;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given request has access to get revisions.
|
||||
*
|
||||
@@ -154,11 +116,11 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||||
*/
|
||||
public function get_items_permissions_check( $request ) {
|
||||
$parent = $this->get_parent( $request['parent'] );
|
||||
if ( is_wp_error( $parent ) ) {
|
||||
return $parent;
|
||||
}
|
||||
|
||||
$parent = get_post( $request['parent'] );
|
||||
if ( ! $parent ) {
|
||||
return true;
|
||||
}
|
||||
$parent_post_type_obj = get_post_type_object( $parent->post_type );
|
||||
if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
|
||||
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
@@ -167,28 +129,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the revision, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_revision( $id ) {
|
||||
$error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
|
||||
if ( (int) $id <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$revision = get_post( (int) $id );
|
||||
if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
return $revision;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a collection of revisions.
|
||||
*
|
||||
@@ -199,9 +139,9 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function get_items( $request ) {
|
||||
$parent = $this->get_parent( $request['parent'] );
|
||||
if ( is_wp_error( $parent ) ) {
|
||||
return $parent;
|
||||
$parent = get_post( $request['parent'] );
|
||||
if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$revisions = wp_get_post_revisions( $request['parent'] );
|
||||
@@ -237,14 +177,14 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function get_item( $request ) {
|
||||
$parent = $this->get_parent( $request['parent'] );
|
||||
if ( is_wp_error( $parent ) ) {
|
||||
return $parent;
|
||||
$parent = get_post( $request['parent'] );
|
||||
if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$revision = $this->get_revision( $request['id'] );
|
||||
if ( is_wp_error( $revision ) ) {
|
||||
return $revision;
|
||||
$revision = get_post( $request['id'] );
|
||||
if ( ! $revision || 'revision' !== $revision->post_type ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$response = $this->prepare_item_for_response( $revision, $request );
|
||||
@@ -261,23 +201,18 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
* @return bool|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$parent = $this->get_parent( $request['parent'] );
|
||||
if ( is_wp_error( $parent ) ) {
|
||||
return $parent;
|
||||
}
|
||||
|
||||
$revision = $this->get_revision( $request['id'] );
|
||||
if ( is_wp_error( $revision ) ) {
|
||||
return $revision;
|
||||
}
|
||||
|
||||
$response = $this->get_items_permissions_check( $request );
|
||||
if ( ! $response || is_wp_error( $response ) ) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
$post = get_post( $request['id'] );
|
||||
if ( ! $post ) {
|
||||
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
$post_type = get_post_type_object( 'revision' );
|
||||
return current_user_can( $post_type->cap->delete_post, $revision->ID );
|
||||
return current_user_can( $post_type->cap->delete_post, $post->ID );
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -290,11 +225,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function delete_item( $request ) {
|
||||
$revision = $this->get_revision( $request['id'] );
|
||||
if ( is_wp_error( $revision ) ) {
|
||||
return $revision;
|
||||
}
|
||||
|
||||
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
|
||||
|
||||
// We don't support trashing for revisions.
|
||||
@@ -302,6 +232,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||
return new WP_Error( 'rest_trash_not_supported', __( 'Revisions do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
|
||||
}
|
||||
|
||||
$revision = get_post( $request['id'] );
|
||||
$previous = $this->prepare_item_for_response( $revision, $request );
|
||||
|
||||
$result = wp_delete_post( $request['id'], true );
|
||||
|
||||
@@ -48,12 +48,6 @@ class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', array(
|
||||
'args' => array(
|
||||
'taxonomy' => array(
|
||||
'description' => __( 'An alphanumeric identifier for the taxonomy.' ),
|
||||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
|
||||
@@ -96,12 +96,6 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
|
||||
'args' => array(
|
||||
'id' => array(
|
||||
'description' => __( 'Unique identifier for the term.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
@@ -114,7 +108,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
'methods' => WP_REST_Server::EDITABLE,
|
||||
'callback' => array( $this, 'update_item' ),
|
||||
'permission_callback' => array( $this, 'update_item_permissions_check' ),
|
||||
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
|
||||
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::DELETABLE,
|
||||
@@ -293,33 +287,6 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the term, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_term( $id ) {
|
||||
$error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) );
|
||||
|
||||
if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
if ( (int) $id <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$term = get_term( (int) $id, $this->taxonomy );
|
||||
if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
return $term;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a request has access to read or edit the specified term.
|
||||
*
|
||||
@@ -330,12 +297,11 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object.
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
$tax_obj = get_taxonomy( $this->taxonomy );
|
||||
if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) {
|
||||
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) {
|
||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
return true;
|
||||
@@ -351,7 +317,12 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function get_item( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
if ( ! $term || $term->taxonomy !== $this->taxonomy ) {
|
||||
return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
@@ -474,9 +445,15 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return bool|WP_Error True if the request has access to update the item, false or WP_Error object otherwise.
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
|
||||
if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
if ( ! $term ) {
|
||||
return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
|
||||
@@ -496,11 +473,6 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function update_item( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
}
|
||||
|
||||
if ( isset( $request['parent'] ) ) {
|
||||
if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) {
|
||||
return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Can not set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) );
|
||||
@@ -515,6 +487,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
|
||||
$prepared_term = $this->prepare_item_for_database( $request );
|
||||
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
// Only update the term if we haz something to update.
|
||||
if ( ! empty( $prepared_term ) ) {
|
||||
$update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) );
|
||||
@@ -524,14 +498,14 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
}
|
||||
}
|
||||
|
||||
$term = get_term( $term->term_id, $this->taxonomy );
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
/* This action is documented in lib/endpoints/class-wp-rest-terms-controller.php */
|
||||
do_action( "rest_insert_{$this->taxonomy}", $term, $request, false );
|
||||
|
||||
$schema = $this->get_item_schema();
|
||||
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
|
||||
$meta_update = $this->meta->update_value( $request['meta'], $term->term_id );
|
||||
$meta_update = $this->meta->update_value( $request['meta'], (int) $request['id'] );
|
||||
|
||||
if ( is_wp_error( $meta_update ) ) {
|
||||
return $meta_update;
|
||||
@@ -561,9 +535,14 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return bool|WP_Error True if the request has access to delete the item, otherwise false or WP_Error object.
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
if ( ! $term ) {
|
||||
return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
|
||||
@@ -583,10 +562,6 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function delete_item( $request ) {
|
||||
$term = $this->get_term( $request['id'] );
|
||||
if ( is_wp_error( $term ) ) {
|
||||
return $term;
|
||||
}
|
||||
|
||||
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
|
||||
|
||||
@@ -595,6 +570,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||
return new WP_Error( 'rest_trash_not_supported', __( 'Terms do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
|
||||
}
|
||||
|
||||
$term = get_term( (int) $request['id'], $this->taxonomy );
|
||||
|
||||
$request->set_param( 'context', 'view' );
|
||||
|
||||
$previous = $this->prepare_item_for_response( $term, $request );
|
||||
|
||||
@@ -65,12 +65,6 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
) );
|
||||
|
||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
|
||||
'args' => array(
|
||||
'id' => array(
|
||||
'description' => __( 'Unique identifier for the user.' ),
|
||||
'type' => 'integer',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'methods' => WP_REST_Server::READABLE,
|
||||
'callback' => array( $this, 'get_item' ),
|
||||
@@ -331,28 +325,6 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the user, if the ID is valid.
|
||||
*
|
||||
* @since 4.7.2
|
||||
*
|
||||
* @param int $id Supplied ID.
|
||||
* @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
|
||||
*/
|
||||
protected function get_user( $id ) {
|
||||
$error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
|
||||
if ( (int) $id <= 0 ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
$user = get_userdata( (int) $id );
|
||||
if ( empty( $user ) || ! $user->exists() ) {
|
||||
return $error;
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given request has access to read a user.
|
||||
*
|
||||
@@ -363,20 +335,22 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$id = (int) $request['id'];
|
||||
$user = get_userdata( $id );
|
||||
$types = get_post_types( array( 'show_in_rest' => true ), 'names' );
|
||||
|
||||
if ( get_current_user_id() === $user->ID ) {
|
||||
if ( empty( $id ) || empty( $user->ID ) ) {
|
||||
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( get_current_user_id() === $id ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
|
||||
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
} elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
|
||||
} elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
|
||||
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -393,9 +367,11 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function get_item( $request ) {
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
$id = (int) $request['id'];
|
||||
$user = get_userdata( $id );
|
||||
|
||||
if ( empty( $id ) || empty( $user->ID ) ) {
|
||||
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
$user = $this->prepare_item_for_response( $user, $request );
|
||||
@@ -565,12 +541,10 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
|
||||
$id = (int) $request['id'];
|
||||
|
||||
if ( ! current_user_can( 'edit_user', $id ) ) {
|
||||
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -591,12 +565,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
|
||||
*/
|
||||
public function update_item( $request ) {
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$id = $user->ID;
|
||||
$id = (int) $request['id'];
|
||||
$user = get_userdata( $id );
|
||||
|
||||
if ( ! $user ) {
|
||||
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
|
||||
@@ -711,12 +681,10 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if ( ! current_user_can( 'delete_user', $user->ID ) ) {
|
||||
$id = (int) $request['id'];
|
||||
|
||||
if ( ! current_user_can( 'delete_user', $id ) ) {
|
||||
return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
@@ -737,12 +705,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
if ( is_multisite() ) {
|
||||
return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
|
||||
}
|
||||
$user = $this->get_user( $request['id'] );
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$id = $user->ID;
|
||||
$id = (int) $request['id'];
|
||||
$reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
|
||||
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
|
||||
|
||||
@@ -751,6 +715,12 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
|
||||
}
|
||||
|
||||
$user = get_userdata( $id );
|
||||
|
||||
if ( ! $user ) {
|
||||
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $reassign ) ) {
|
||||
if ( $reassign === $id || ! get_userdata( $reassign ) ) {
|
||||
return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.7.2';
|
||||
$wp_version = '4.7.1';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
||||
Reference in New Issue
Block a user