Ticket #39061: 39061.3.diff

src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -317 +317 @@
                 }
 
                 $max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] );
+
+                if ( $page > $max_pages && $total_posts > 0) {
+                        return new WP_Error( 'rest_post_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) );
+                }
+
                 $response  = rest_ensure_response( $posts );
 
                 $response->header( 'X-WP-Total', (int) $total_posts );

tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -820 +820 @@
                 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
         }
 
+        /**
+         * @ticket 39061
+         */
+        public function test_get_items_invalid_max_pages() {
+                // Out of bounds
+                $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+                $request->set_param( 'page', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
+                $response = $this->server->dispatch( $request );
+                $this->assertErrorResponse( 'rest_post_invalid_page_number', $response, 400 );
+        }
+
         public function test_get_items_invalid_context() {
                 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
                 $request->set_param( 'context', 'banana' );