Ticket #38420: 38420.2.diff
| File 38420.2.diff, 3.6 KB (added by , 10 years ago) |
|---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 9d7f85a..c047d06 100644
class WP_REST_Posts_Controller extends WP_REST_Controller { 137 137 'parent_exclude' => 'post_parent__not_in', 138 138 'search' => 's', 139 139 'slug' => 'name', 140 'status' => 'post_status' ,140 'status' => 'post_status' 141 141 ); 142 142 143 143 // For each known parameter which is both registered and present in the request, … … class WP_REST_Posts_Controller extends WP_REST_Controller { 1906 1906 'default' => 'publish', 1907 1907 'description' => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ), 1908 1908 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 1909 'sanitize_callback' => ' sanitize_key',1910 'type' => ' string',1909 'sanitize_callback' => 'wp_parse_slug_list', 1910 'type' => 'array', 1911 1911 'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ), 1912 1912 ); 1913 1913 $params['filter'] = array( … … class WP_REST_Posts_Controller extends WP_REST_Controller { 1946 1946 * @return WP_Error|boolean 1947 1947 */ 1948 1948 public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { 1949 if ( 'publish' === $value ) {1949 if ( 'publish' === $value || is_array( $value ) && count( 1 === $value ) && in_array( 'publish', $value, true ) ) { 1950 1950 return true; 1951 1951 } 1952 1952 $post_type_obj = get_post_type_object( $this->post_type ); -
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git tests/phpunit/tests/rest-api/rest-posts-controller.php tests/phpunit/tests/rest-api/rest-posts-controller.php index 648d74f..34affe7 100644
class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 240 240 $this->assertEquals( 1, count( $response->get_data() ) ); 241 241 } 242 242 243 public function test_get_items_multiple_status_query_1() { 244 wp_set_current_user( 0 ); 245 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 246 247 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 248 $request->set_param( 'status', array( 'publish' ) ); 249 $response = $this->server->dispatch( $request ); 250 $this->assertEquals( 200, $response->get_status() ); 251 $this->assertEquals( 1, count( $response->get_data() ) ); 252 253 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 254 $request->set_param( 'status', array( 'draft', 'post' ) ); 255 $response = $this->server->dispatch( $request ); 256 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 257 258 wp_set_current_user( $this->editor_id ); 259 260 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 261 $request->set_param( 'status', 'draft,publish' ); 262 $response = $this->server->dispatch( $request ); 263 $this->assertEquals( 200, $response->get_status() ); 264 $this->assertEquals( 2, count( $response->get_data() ) ); 265 266 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 267 $request->set_param( 'status', array( 'draft', 'publish' ) ); 268 $response = $this->server->dispatch( $request ); 269 $this->assertEquals( 200, $response->get_status() ); 270 $this->assertEquals( 2, count( $response->get_data() ) ); 271 } 272 243 273 public function test_get_items_status_without_permissions() { 244 274 $draft_id = $this->factory->post->create( array( 245 275 'post_status' => 'draft',