Ticket #38420: 38420.4.diff
| File 38420.4.diff, 5.4 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/rest-api.php
diff --git src/wp-includes/rest-api.php src/wp-includes/rest-api.php index 1a7da17..cea7218 100644
function rest_validate_request_arg( $value, $request, $param ) { 825 825 } 826 826 } 827 827 828 // Handle enum arrays. 829 if ( 'array' === $args['type'] && ! empty( $args['items']['enum'] ) && ! empty( $args['items']['type'] ) && 'string' === $args['items']['type'] ) { 830 $values = wp_parse_slug_list( $value ); 831 $wrong_params = array(); 832 foreach ( $values as $val ) { 833 if ( ! in_array( $val, $args['items']['enum'], true ) ) { 834 $wrong_params[] = $val; 835 } 836 } 837 838 if ( count( $wrong_params ) > 0 ) { 839 return new WP_Error( 'rest_invalid_param', sprintf( /* translators: 1: parameter, 2: list of valid values */ __( '%1$s contains values not of %2$s.' ), $param, implode( ', ', $args['items']['enum'] ) ) ); 840 } 841 } 842 828 843 if ( 'integer' === $args['type'] && ! is_numeric( $value ) ) { 829 844 return new WP_Error( 'rest_invalid_param', sprintf( /* translators: 1: parameter, 2: type name */ __( '%1$s is not of type %2$s.' ), $param, 'integer' ) ); 830 845 } -
src/wp-includes/rest-api/class-wp-rest-server.php
diff --git src/wp-includes/rest-api/class-wp-rest-server.php src/wp-includes/rest-api/class-wp-rest-server.php index 391f549..957a436 100644
class WP_REST_Server { 1181 1181 if ( isset( $opts['description'] ) ) { 1182 1182 $arg_data['description'] = $opts['description']; 1183 1183 } 1184 if ( isset( $opts['items'] ) ) { 1185 if ( isset( $opts['items']['enum'] ) ) { 1186 $arg_data['items']['enum'] = $opts['items']['enum']; 1187 } 1188 if ( isset( $opts['items']['type'] ) ) { 1189 $arg_data['items']['type'] = $opts['items']['type']; 1190 } 1191 } 1184 1192 $endpoint_data['args'][ $key ] = $arg_data; 1185 1193 } 1186 1194 } -
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 6812c13..64f5933 100644
class WP_REST_Posts_Controller extends WP_REST_Controller { 1905 1905 $params['status'] = array( 1906 1906 'default' => 'publish', 1907 1907 'description' => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ), 1908 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 1909 'sanitize_callback' => 'sanitize_key', 1910 'type' => 'string', 1908 'sanitize_callback' => 'wp_parse_slug_list', 1909 'type' => 'array', 1910 'items' => array( 1911 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 1912 'type' => 'string', 1913 ), 1911 1914 'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ), 1912 1915 ); 1913 1916 $params['filter'] = array( … … class WP_REST_Posts_Controller extends WP_REST_Controller { 1946 1949 * @return WP_Error|boolean 1947 1950 */ 1948 1951 public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { 1949 if ( 'publish' === $value ) { 1952 // "publish" and array( "publish" ) are equivalent, and always queryable. 1953 if ( 'publish' === $value || is_array( $value ) && count( 1 === $value ) && in_array( 'publish', $value, true ) ) { 1950 1954 return rest_validate_request_arg( $value, $request, $parameter ); 1951 1955 } 1952 1956 $post_type_obj = get_post_type_object( $this->post_type ); -
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git tests/phpunit/tests/rest-api/rest-posts-controller.php tests/phpunit/tests/rest-api/rest-posts-controller.php index dd86f94..d1c1d59 100644
class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 248 248 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 249 249 } 250 250 251 public function test_get_items_multiple_status_query() { 252 wp_set_current_user( 0 ); 253 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 254 255 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 256 $request->set_param( 'status', array( 'publish' ) ); 257 $response = $this->server->dispatch( $request ); 258 $this->assertEquals( 200, $response->get_status() ); 259 $this->assertEquals( 1, count( $response->get_data() ) ); 260 261 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 262 $request->set_param( 'status', array( 'draft', 'post' ) ); 263 $response = $this->server->dispatch( $request ); 264 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 265 266 wp_set_current_user( $this->editor_id ); 267 268 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 269 $request->set_param( 'status', 'draft,publish' ); 270 $response = $this->server->dispatch( $request ); 271 $this->assertEquals( 200, $response->get_status() ); 272 $this->assertEquals( 2, count( $response->get_data() ) ); 273 274 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 275 $request->set_param( 'status', array( 'draft', 'publish' ) ); 276 $response = $this->server->dispatch( $request ); 277 $this->assertEquals( 200, $response->get_status() ); 278 $this->assertEquals( 2, count( $response->get_data() ) ); 279 } 280 251 281 public function test_get_items_status_without_permissions() { 252 282 $draft_id = $this->factory->post->create( array( 253 283 'post_status' => 'draft',