Ticket #38420: 38420.6.diff
| File 38420.6.diff, 13.4 KB (added by , 9 years ago) |
|---|
src/wp-includes/rest-api/class-wp-rest-server.php
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php index c7026eb..76f8b3f 100644
a b class WP_REST_Server { 1183 1183 if ( isset( $opts['description'] ) ) { 1184 1184 $arg_data['description'] = $opts['description']; 1185 1185 } 1186 if ( isset( $opts['type'] ) ) { 1187 $arg_data['type'] = $opts['type']; 1188 } 1189 if ( isset( $opts['items'] ) ) { 1190 $arg_data['items'] = $opts['items']; 1191 } 1186 1192 $endpoint_data['args'][ $key ] = $arg_data; 1187 1193 } 1188 1194 } -
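Review bot: `$opts['items']` is copied into `$arg_data` wholesale, whereas the surrounding lines copy only individually named keys (`description`, `type`). Anything a route author nests under `items`, not just `type` and `enum`, would therefore be published in the route data this method builds. Copying only the keys meant to be public keeps the output predictable, for example `$arg_data['items'] = array_intersect_key( $opts['items'], array( 'type' => true, 'enum' => true ) );`. The enclosing loop starts and ends outside the hunk.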
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 2749b12..42187df 100644
a b class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 30 30 protected function prepare_items_query( $prepared_args = array(), $request = null ) { 31 31 $query_args = parent::prepare_items_query( $prepared_args, $request ); 32 32 33 if ( empty( $query_args['post_status'] ) || ! in_array( $query_args['post_status'], array( 'inherit', 'private', 'trash' ), true )) {33 if ( empty( $query_args['post_status'] ) ) { 34 34 $query_args['post_status'] = 'inherit'; 35 35 } 36 36 … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 586 586 public function get_collection_params() { 587 587 $params = parent::get_collection_params(); 588 588 $params['status']['default'] = 'inherit'; 589 $params['status'][' enum'] = array( 'inherit', 'private', 'trash' );589 $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' ); 590 590 $media_types = $this->get_media_types(); 591 591 592 592 $params['media_type'] = array( -
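Review bot: Dropping the `in_array()` allow-list from `prepare_items_query()` leaves this controller with no local restriction on `post_status`; the limit to inherit/private/trash now rests entirely on the `items.enum` schema set in `get_collection_params()` being enforced before the query is built. From this patch, that enforcement appears to happen only inside `sanitize_post_statuses()` in the posts controller, and only for non-default statuses. A guard that tolerates the list form would keep defence in depth: intersect the requested value with the allowed set, e.g. `array_intersect( (array) $query_args['post_status'], array( 'inherit', 'private', 'trash' ) )`, and let the existing `empty()` fallback to `'inherit'` handle an empty result. Both method bodies continue outside the hunks shown.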
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 0122f9a..2eed29b 100644
a b class WP_REST_Posts_Controller extends WP_REST_Controller { 2120 2120 2121 2121 $params['status'] = array( 2122 2122 'default' => 'publish', 2123 'description' => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ), 2124 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 2125 'sanitize_callback' => 'sanitize_key', 2126 'type' => 'string', 2127 'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ), 2123 'description' => __( 'Limit result set to posts assigned one or more statuses.' ), 2124 'type' => 'array', 2125 'items' => array( 2126 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 2127 'type' => 'string', 2128 ), 2129 'sanitize_callback' => array( $this, 'sanitize_post_statuses' ), 2128 2130 ); 2129 2131 2130 2132 $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); … … class WP_REST_Posts_Controller extends WP_REST_Controller { 2152 2154 } 2153 2155 2154 2156 /** 2155 * Validates whether the user can query private statuses. 2157 * Sanitizes and validates the list of post statuses, including whether the 2158 * user can query private statuses. 2156 2159 * 2157 2160 * @since 4.7.0 2158 2161 * @access public 2159 2162 * 2160 * @param mixed $value Post status.2163 * @param string|array $statuses One or more post statuses. 2161 2164 * @param WP_REST_Request $request Full details about the request. 2162 2165 * @param string $parameter Additional parameter to pass to validation. 2163 * @return bool|WP_Error Whether the request can query privatestatuses, otherwise WP_Error object.2166 * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. 
2164 2167 */ 2165 public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { 2166 if ( 'publish' === $value ) { 2167 return rest_validate_request_arg( $value, $request, $parameter ); 2168 } 2168 public function sanitize_post_statuses( $statuses, $request, $parameter ) { 2169 $statuses = wp_parse_slug_list( $statuses ); 2169 2170 2170 $post_type_obj = get_post_type_object( $this->post_type ); 2171 // The default status is different in WP_REST_Attachments_Controller 2172 $attributes = $request->get_attributes(); 2173 $default_status = $attributes['args']['status']['default']; 2171 2174 2172 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { 2173 return rest_validate_request_arg( $value, $request, $parameter ); 2175 foreach ( $statuses as $status ) { 2176 if ( $status === $default_status ) { 2177 continue; 2178 } 2179 2180 $post_type_obj = get_post_type_object( $this->post_type ); 2181 2182 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { 2183 $result = rest_validate_request_arg( $status, $request, $parameter ); 2184 if ( is_wp_error( $result ) ) { 2185 return $result; 2186 } 2187 } else { 2188 return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); 2189 } 2174 2190 } 2175 2191 2176 return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );2192 return $statuses; 2177 2193 } 2178 2194 } -
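Review bot: `sanitize_post_statuses()` makes the permission decision inside a sanitize callback, and the `rest_forbidden_status` error it returns does not seem to reach the client as such: the new attachments test in this patch expects `rest_invalid_param` with status 400 for a logged-out caller. If that masking is intended, record it in the docblock, e.g. `* A WP_Error returned here is reported to the client as rest_invalid_param.`; otherwise the check belongs where its error code and `rest_authorization_required_code()` status are preserved. `rest_validate_request_arg()` is also handed a single slug while the parameter schema is `'type' => 'array'`, which presumably works because a lone string is accepted as a one-element list; a why-comment on that call would save the next reader the detour. Finally, `$attributes['args']['status']['default']` is read without an `isset()` guard, so a route that registers `status` without a default would raise a notice and leave `$default_status` null.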
tests/phpunit/includes/utils.php
diff --git a/tests/phpunit/includes/utils.php b/tests/phpunit/includes/utils.php index a151360..7c2f903 100644
a b function test_rest_expand_compact_links( $links ) { 472 472 } 473 473 return $links; 474 474 } 475 476 function get_rest_array_enum_schema() { 477 return array( 478 'type' => 'array', 479 'items' => array( 480 'enum' => array( 'chicken', 'ribs', 'brisket' ), 481 'type' => 'string', 482 ), 483 ); 484 } -
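Review bot: `get_rest_array_enum_schema()` is added to a shared test utility file as an undocumented global function. A short docblock would tell other test authors what it is for, e.g. `/** Returns a fixture schema: an array of strings restricted to an enum, shared by the schema sanitization and validation tests. */`. Since the name is generic and global, a `test_` prefix like the neighbouring `test_rest_expand_compact_links()` would also reduce the chance of a collision.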
tests/phpunit/tests/rest-api/rest-attachments-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 7960312..40148a0 100644
a b class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 327 327 $this->assertEquals( $attachment_id1, $data[0]['id'] ); 328 328 } 329 329 330 public function test_get_items_multiple_statuses() { 331 // Logged out users can't make the request 332 wp_set_current_user( 0 ); 333 $attachment_id1 = $this->factory->attachment->create_object( $this->test_file, 0, array( 334 'post_mime_type' => 'image/jpeg', 335 'post_excerpt' => 'A sample caption', 336 'post_status' => 'private', 337 ) ); 338 $attachment_id2 = $this->factory->attachment->create_object( $this->test_file, 0, array( 339 'post_mime_type' => 'image/jpeg', 340 'post_excerpt' => 'A sample caption', 341 'post_status' => 'trash', 342 ) ); 343 $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); 344 $request->set_param( 'status', array( 'private', 'trash' ) ); 345 $response = $this->server->dispatch( $request ); 346 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 347 // Properly authorized users can make the request 348 wp_set_current_user( self::$editor_id ); 349 $response = $this->server->dispatch( $request ); 350 $this->assertEquals( 200, $response->get_status() ); 351 $data = $response->get_data(); 352 $this->assertEquals( 2, count( $data ) ); 353 $ids = array( 354 $data[0]['id'], 355 $data[1]['id'], 356 ); 357 sort( $ids ); 358 $this->assertEquals( array( $attachment_id1, $attachment_id2 ), $ids ); 359 } 360 330 361 public function test_get_items_invalid_date() { 331 362 $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); 332 363 $request->set_param( 'after', rand_str() ); -
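Review bot: `test_get_items_multiple_statuses` exercises only user 0 and an editor, so the case that matters most for the new permission check is not pinned: an authenticated user who lacks `edit_posts` asking for `private` or `trash`. Add a third dispatch as such a user and assert the same rejection, so a later change that keys the check on "logged in" rather than on the capability would fail the suite. The test also never asserts that a default-only request (`status=inherit`) still succeeds for the logged-out user, which is the other half of the rule being introduced.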
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index dcebfe8..9b7206f 100644
a b class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 310 310 $this->assertEquals( 1, count( $response->get_data() ) ); 311 311 } 312 312 313 public function test_get_items_multiple_statuses_string_query() { 314 wp_set_current_user( self::$editor_id ); 315 316 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 317 $this->factory->post->create( array( 'post_status' => 'private' ) ); 318 $this->factory->post->create( array( 'post_status' => 'publish' ) ); 319 320 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 321 $request->set_param( 'context', 'edit' ); 322 $request->set_param( 'status', 'draft,private' ); 323 324 $response = $this->server->dispatch( $request ); 325 $this->assertEquals( 200, $response->get_status() ); 326 $data = $response->get_data(); 327 $this->assertEquals( 2, count( $data ) ); 328 $statuses = array( 329 $data[0]['status'], 330 $data[1]['status'], 331 ); 332 sort( $statuses ); 333 $this->assertEquals( array( 'draft', 'private' ), $statuses ); 334 } 335 336 public function test_get_items_multiple_statuses_array_query() { 337 wp_set_current_user( self::$editor_id ); 338 339 $this->factory->post->create( array( 'post_status' => 'draft' ) ); 340 $this->factory->post->create( array( 'post_status' => 'pending' ) ); 341 $this->factory->post->create( array( 'post_status' => 'publish' ) ); 342 343 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 344 $request->set_param( 'context', 'edit' ); 345 $request->set_param( 'status', array( 'draft', 'pending' ) ); 346 347 $response = $this->server->dispatch( $request ); 348 $this->assertEquals( 200, $response->get_status() ); 349 $data = $response->get_data(); 350 $this->assertEquals( 2, count( $data ) ); 351 $statuses = array( 352 $data[0]['status'], 353 $data[1]['status'], 354 ); 355 sort( $statuses ); 356 $this->assertEquals( array( 'draft', 'pending' ), $statuses ); 357 } 358 359 public function 
test_get_items_multiple_statuses_one_invalid_query() { 360 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 361 $request->set_param( 'context', 'edit' ); 362 $request->set_param( 'status', array( 'draft', 'nonsense' ) ); 363 $response = $this->server->dispatch( $request ); 364 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 365 } 366 313 367 public function test_get_items_invalid_status_query() { 314 368 wp_set_current_user( 0 ); 315 369 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 1963 2017 $this->assertArrayHasKey( 'categories_exclude', $properties ); 1964 2018 } 1965 2019 2020 public function test_status_array_enum_args() { 2021 $request = new WP_REST_Request( 'GET', '/wp/v2' ); 2022 $response = $this->server->dispatch( $request ); 2023 $data = $response->get_data(); 2024 $list_posts_args = $data['routes']['/wp/v2/posts']['endpoints'][0]['args']; 2025 $status_arg = $list_posts_args['status']; 2026 $this->assertEquals( 'array', $status_arg['type'] ); 2027 $this->assertEquals( array( 2028 'type' => 'string', 2029 'enum' => array( 'publish', 'future', 'draft', 'pending', 'private', 'trash', 'auto-draft', 'inherit', 'any' ), 2030 ), $status_arg['items'] ); 2031 } 2032 1966 2033 public function test_get_additional_field_registration() { 1967 2034 1968 2035 $schema = array( -
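Review bot: `test_get_items_multiple_statuses_one_invalid_query` never calls `wp_set_current_user()`, so it cannot tell an enum rejection from a permission rejection. Judging by the attachments test in this patch, a caller without `edit_posts` gets `rest_invalid_param`/400 for any non-default status, so `'draft'` alone may already produce the asserted error before `'nonsense'` is looked at. Start the test with `wp_set_current_user( self::$editor_id );` so the assertion can only pass because of the invalid slug. Separately, `test_status_array_enum_args` hard-codes the full status list, which will break as soon as another status is registered during the run; comparing against `array_merge( array_keys( get_post_stati() ), array( 'any' ) )` would be less brittle.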
tests/phpunit/tests/rest-api/rest-schema-sanitization.php
diff --git a/tests/phpunit/tests/rest-api/rest-schema-sanitization.php b/tests/phpunit/tests/rest-api/rest-schema-sanitization.php index 875a2aa..e4049c6 100644
a b class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase { 86 86 $this->assertEquals( array( 1, 2 ), rest_sanitize_value_from_schema( '1,2', $schema ) ); 87 87 $this->assertEquals( array( 1, 2, 0 ), rest_sanitize_value_from_schema( '1,2,a', $schema ) ); 88 88 } 89 90 public function test_type_array_with_enum() { 91 $schema = get_rest_array_enum_schema(); 92 $this->assertEquals( array( 'ribs', 'brisket' ), rest_sanitize_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); 93 $this->assertEquals( array( 'coleslaw' ), rest_sanitize_value_from_schema( array( 'coleslaw' ), $schema ) ); 94 } 95 96 public function test_type_array_with_enum_as_csv() { 97 $schema = get_rest_array_enum_schema(); 98 $this->assertEquals( array( 'ribs', 'chicken' ), rest_sanitize_value_from_schema( 'ribs,chicken', $schema ) ); 99 $this->assertEquals( array( 'chicken', 'coleslaw' ), rest_sanitize_value_from_schema( 'chicken,coleslaw', $schema ) ); 100 } 89 101 } -
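Review bot: Both new tests assert that `rest_sanitize_value_from_schema()` returns `'coleslaw'` unchanged although it is not in the enum, but nothing in the test says that this is deliberate. That matters to anyone who registers a parameter with only a sanitize callback and assumes the enum is applied there. Add a comment above those assertions such as `// Sanitization does not enforce enum; out-of-enum values are rejected only by rest_validate_value_from_schema().` so the contract is explicit.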
tests/phpunit/tests/rest-api/rest-schema-validation.php
diff --git a/tests/phpunit/tests/rest-api/rest-schema-validation.php b/tests/phpunit/tests/rest-api/rest-schema-validation.php index 1d85008..9e10a61 100644
a b class WP_Test_REST_Schema_Validation extends WP_UnitTestCase { 115 115 $this->assertTrue( rest_validate_value_from_schema( '1,2,3', $schema ) ); 116 116 $this->assertWPError( rest_validate_value_from_schema( 'lol', $schema ) ); 117 117 } 118 119 public function test_type_array_with_enum() { 120 $schema = get_rest_array_enum_schema(); 121 $this->assertTrue( rest_validate_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); 122 $this->assertWPError( rest_validate_value_from_schema( array( 'coleslaw' ), $schema ) ); 123 } 124 125 public function test_type_array_with_enum_as_csv() { 126 $schema = get_rest_array_enum_schema(); 127 $this->assertTrue( rest_validate_value_from_schema( 'ribs,chicken', $schema ) ); 128 $this->assertWPError( rest_validate_value_from_schema( 'chicken,coleslaw', $schema ) ); 129 } 118 130 }
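Review bot: The array-form test only checks an all-valid list and an all-invalid list; the mixed case is covered for the CSV form (`'chicken,coleslaw'`) but not for a real array. Add `$this->assertWPError( rest_validate_value_from_schema( array( 'ribs', 'coleslaw' ), $schema ) );` to `test_type_array_with_enum` so that a validator which stops at the first matching item cannot pass. An empty array and an empty string are also untested here, and it would be worth pinning whichever result is intended for them.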