Ticket #38420: 38420.5.diff
| File 38420.5.diff, 13.6 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/rest-api/class-wp-rest-server.php
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php index c7026eb..ff6d848 100644
a b class WP_REST_Server { 1183 1183 if ( isset( $opts['description'] ) ) { 1184 1184 $arg_data['description'] = $opts['description']; 1185 1185 } 1186 if ( isset( $opts['type'] ) ) { 1187 $arg_data['type'] = $opts['type']; 1188 } 1189 if ( isset( $opts['items'] ) ) { 1190 if ( isset( $opts['items']['type'] ) ) { 1191 $arg_data['items']['type'] = $opts['items']['type']; 1192 } 1193 if ( isset( $opts['items']['enum'] ) ) { 1194 $arg_data['items']['enum'] = $opts['items']['enum']; 1195 } 1196 } 1186 1197 $endpoint_data['args'][ $key ] = $arg_data; 1187 1198 } 1188 1199 } -
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 2749b12..42187df 100644
a b class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 30 30 protected function prepare_items_query( $prepared_args = array(), $request = null ) { 31 31 $query_args = parent::prepare_items_query( $prepared_args, $request ); 32 32 33 if ( empty( $query_args['post_status'] ) || ! in_array( $query_args['post_status'], array( 'inherit', 'private', 'trash' ), true )) {33 if ( empty( $query_args['post_status'] ) ) { 34 34 $query_args['post_status'] = 'inherit'; 35 35 } 36 36 … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 586 586 public function get_collection_params() { 587 587 $params = parent::get_collection_params(); 588 588 $params['status']['default'] = 'inherit'; 589 $params['status'][' enum'] = array( 'inherit', 'private', 'trash' );589 $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' ); 590 590 $media_types = $this->get_media_types(); 591 591 592 592 $params['media_type'] = array( -
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index e5d6237..bbf5882 100644
a b class WP_REST_Posts_Controller extends WP_REST_Controller { 2109 2109 2110 2110 $params['status'] = array( 2111 2111 'default' => 'publish', 2112 'description' => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ), 2113 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 2114 'sanitize_callback' => 'sanitize_key', 2115 'type' => 'string', 2116 'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ), 2112 'description' => __( 'Limit result set to posts assigned one or more statuses.' ), 2113 'type' => 'array', 2114 'items' => array( 2115 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 2116 'type' => 'string', 2117 ), 2118 'sanitize_callback' => array( $this, 'sanitize_post_statuses' ), 2117 2119 ); 2118 2120 2119 2121 $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); … … class WP_REST_Posts_Controller extends WP_REST_Controller { 2141 2143 } 2142 2144 2143 2145 /** 2144 * Validates whether the user can query private statuses. 2146 * Sanitizes and validates the list of post statuses, including whether the 2147 * user can query private statuses. 2145 2148 * 2146 2149 * @since 4.7.0 2147 2150 * @access public 2148 2151 * 2149 * @param mixed $value Post status.2152 * @param string|array $statuses One or more post statuses. 2150 2153 * @param WP_REST_Request $request Full details about the request. 2151 2154 * @param string $parameter Additional parameter to pass to validation. 2152 * @return bool|WP_Error Whether the request can query privatestatuses, otherwise WP_Error object.2155 * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. 2153 2156 */ 2154 public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { 2155 if ( 'publish' === $value ) { 2156 return rest_validate_request_arg( $value, $request, $parameter ); 2157 } 2157 public function sanitize_post_statuses( $statuses, $request, $parameter ) { 2158 $statuses = wp_parse_slug_list( $statuses ); 2158 2159 2159 $post_type_obj = get_post_type_object( $this->post_type ); 2160 // The default status is different in WP_REST_Attachments_Controller 2161 $attributes = $request->get_attributes(); 2162 $default_status = $attributes['args']['status']['default']; 2160 2163 2161 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { 2162 return rest_validate_request_arg( $value, $request, $parameter ); 2164 foreach ( $statuses as $status ) { 2165 if ( $status === $default_status ) { 2166 continue; 2167 } 2168 2169 $post_type_obj = get_post_type_object( $this->post_type ); 2170 2171 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { 2172 $result = rest_validate_request_arg( $status, $request, $parameter ); 2173 if ( is_wp_error( $result ) ) { 2174 return $result; 2175 } 2176 } else { 2177 return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); 2178 } 2163 2179 } 2164 2180 2165 return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );2181 return $statuses; 2166 2182 } 2167 2183 } -
tests/phpunit/includes/utils.php
diff --git a/tests/phpunit/includes/utils.php b/tests/phpunit/includes/utils.php index a151360..7c2f903 100644
a b function test_rest_expand_compact_links( $links ) { 472 472 } 473 473 return $links; 474 474 } 475 476 function get_rest_array_enum_schema() { 477 return array( 478 'type' => 'array', 479 'items' => array( 480 'enum' => array( 'chicken', 'ribs', 'brisket' ), 481 'type' => 'string', 482 ), 483 ); 484 } -
tests/phpunit/tests/rest-api/rest-attachments-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 7960312..40148a0 100644
a b class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 327 327 $this->assertEquals( $attachment_id1, $data[0]['id'] ); 328 328 } 329 329 330 public function test_get_items_multiple_statuses() { 331 // Logged out users can't make the request 332 wp_set_current_user( 0 ); 333 $attachment_id1 = $this->factory->attachment->create_object( $this->test_file, 0, array( 334 'post_mime_type' => 'image/jpeg', 335 'post_excerpt' => 'A sample caption', 336 'post_status' => 'private', 337 ) ); 338 $attachment_id2 = $this->factory->attachment->create_object( $this->test_file, 0, array( 339 'post_mime_type' => 'image/jpeg', 340 'post_excerpt' => 'A sample caption', 341 'post_status' => 'trash', 342 ) ); 343 $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); 344 $request->set_param( 'status', array( 'private', 'trash' ) ); 345 $response = $this->server->dispatch( $request ); 346 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 347 // Properly authorized users can make the request 348 wp_set_current_user( self::$editor_id ); 349 $response = $this->server->dispatch( $request ); 350 $this->assertEquals( 200, $response->get_status() ); 351 $data = $response->get_data(); 352 $this->assertEquals( 2, count( $data ) ); 353 $ids = array( 354 $data[0]['id'], 355 $data[1]['id'], 356 ); 357 sort( $ids ); 358 $this->assertEquals( array( $attachment_id1, $attachment_id2 ), $ids ); 359 } 360 330 361 public function test_get_items_invalid_date() { 331 362 $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); 332 363 $request->set_param( 'after', rand_str() ); -
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index 73864e9..e8b3124 100644
a b class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 261 261 $this->assertEquals( 1, count( $response->get_data() ) ); 262 262 } 263 263 264 public function test_get_items_multiple_statuses_string_query() { 265 wp_set_current_user( self::$editor_id ); 266 267 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 268 $this->factory->post->create( array( 'post_status' => 'private' ) ); 269 $this->factory->post->create( array( 'post_status' => 'publish' ) ); 270 271 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 272 $request->set_param( 'context', 'edit' ); 273 $request->set_param( 'status', 'draft,private' ); 274 275 $response = $this->server->dispatch( $request ); 276 $this->assertEquals( 200, $response->get_status() ); 277 $data = $response->get_data(); 278 $this->assertEquals( 2, count( $data ) ); 279 $statuses = array( 280 $data[0]['status'], 281 $data[1]['status'], 282 ); 283 sort( $statuses ); 284 $this->assertEquals( array( 'draft', 'private' ), $statuses ); 285 } 286 287 public function test_get_items_multiple_statuses_array_query() { 288 wp_set_current_user( self::$editor_id ); 289 290 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 291 $this->factory->post->create( array( 'post_status' => 'pending' ) ); 292 $this->factory->post->create( array( 'post_status' => 'publish' ) ); 293 294 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 295 $request->set_param( 'context', 'edit' ); 296 $request->set_param( 'status', array( 'draft', 'pending' ) ); 297 298 $response = $this->server->dispatch( $request ); 299 $this->assertEquals( 200, $response->get_status() ); 300 $data = $response->get_data(); 301 $this->assertEquals( 2, count( $data ) ); 302 $statuses = array( 303 $data[0]['status'], 304 $data[1]['status'], 305 ); 306 sort( $statuses ); 307 $this->assertEquals( array( 'draft', 'pending' ), $statuses ); 308 } 309 310 public function test_get_items_multiple_statuses_one_invalid_query() { 311 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 312 $request->set_param( 'context', 'edit' ); 313 $request->set_param( 'status', array( 'draft', 'nonsense' ) ); 314 $response = $this->server->dispatch( $request ); 315 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 316 } 317 264 318 public function test_get_items_invalid_status_query() { 265 319 wp_set_current_user( 0 ); 266 320 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 1878 1932 $this->assertArrayHasKey( 'categories_exclude', $properties ); 1879 1933 } 1880 1934 1935 public function test_status_array_enum_args() { 1936 $request = new WP_REST_Request( 'GET', '/wp/v2' ); 1937 $response = $this->server->dispatch( $request ); 1938 $data = $response->get_data(); 1939 $list_posts_args = $data['routes']['/wp/v2/posts']['endpoints'][0]['args']; 1940 $status_arg = $list_posts_args['status']; 1941 $this->assertEquals( 'array', $status_arg['type'] ); 1942 $this->assertEquals( array( 1943 'type' => 'string', 1944 'enum' => array( 'publish', 'future', 'draft', 'pending', 'private', 'trash', 'auto-draft', 'inherit', 'any' ), 1945 ), $status_arg['items'] ); 1946 } 1947 1881 1948 public function test_get_additional_field_registration() { 1882 1949 1883 1950 $schema = array( -
tests/phpunit/tests/rest-api/rest-schema-sanitization.php
diff --git a/tests/phpunit/tests/rest-api/rest-schema-sanitization.php b/tests/phpunit/tests/rest-api/rest-schema-sanitization.php index 875a2aa..e4049c6 100644
a b class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase { 86 86 $this->assertEquals( array( 1, 2 ), rest_sanitize_value_from_schema( '1,2', $schema ) ); 87 87 $this->assertEquals( array( 1, 2, 0 ), rest_sanitize_value_from_schema( '1,2,a', $schema ) ); 88 88 } 89 90 public function test_type_array_with_enum() { 91 $schema = get_rest_array_enum_schema(); 92 $this->assertEquals( array( 'ribs', 'brisket' ), rest_sanitize_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); 93 $this->assertEquals( array( 'coleslaw' ), rest_sanitize_value_from_schema( array( 'coleslaw' ), $schema ) ); 94 } 95 96 public function test_type_array_with_enum_as_csv() { 97 $schema = get_rest_array_enum_schema(); 98 $this->assertEquals( array( 'ribs', 'chicken' ), rest_sanitize_value_from_schema( 'ribs,chicken', $schema ) ); 99 $this->assertEquals( array( 'chicken', 'coleslaw' ), rest_sanitize_value_from_schema( 'chicken,coleslaw', $schema ) ); 100 } 89 101 } -
tests/phpunit/tests/rest-api/rest-schema-validation.php
diff --git a/tests/phpunit/tests/rest-api/rest-schema-validation.php b/tests/phpunit/tests/rest-api/rest-schema-validation.php index 1d85008..9e10a61 100644
a b class WP_Test_REST_Schema_Validation extends WP_UnitTestCase { 115 115 $this->assertTrue( rest_validate_value_from_schema( '1,2,3', $schema ) ); 116 116 $this->assertWPError( rest_validate_value_from_schema( 'lol', $schema ) ); 117 117 } 118 119 public function test_type_array_with_enum() { 120 $schema = get_rest_array_enum_schema(); 121 $this->assertTrue( rest_validate_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); 122 $this->assertWPError( rest_validate_value_from_schema( array( 'coleslaw' ), $schema ) ); 123 } 124 125 public function test_type_array_with_enum_as_csv() { 126 $schema = get_rest_array_enum_schema(); 127 $this->assertTrue( rest_validate_value_from_schema( 'ribs,chicken', $schema ) ); 128 $this->assertWPError( rest_validate_value_from_schema( 'chicken,coleslaw', $schema ) ); 129 } 118 130 }