Ticket #45014: 45014.2.diff
File 45014.2.diff, 3.5 KB (added by , 5 years ago) |
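diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index d48c03700c..4ca1588e2f 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -1770,6 +1770,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 $rels[] = 'https://api.w.org/action-publish';
 }
 
+if ( current_user_can( 'unfiltered_html' ) ) {
+$rels[] = 'https://api.w.org/action-unfiltered-html';
+}
+
 if ( 'post' === $post_type->name ) {
 if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
 $rels[] = 'https://api.w.org/action-sticky';
@@ -2179,6 +2183,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 );
 }
 
+$links[] = array(
+'rel' => 'https://api.w.org/action-unfiltered-html',
+'title' => __( 'The current user can post HTML markup and JavaScript.' ),
+'href' => $href,
+'targetSchema' => array(
+'type' => 'object',
+'properties' => array(
+'content' => array(
+'raw' => array(
+'type' => 'string',
+),
+),
+),
+),
+);
+
 if ( 'post' === $this->post_type ) {
 $links[] = array(
 'rel' => 'https://api.w.org/action-sticky',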
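Review bot: The title string in the second hunk, `__( 'The current user can post HTML markup and JavaScript.' )`, drops the word that matters: any user who can edit a post may submit HTML, and what `unfiltered_html` grants is bypassing the KSES filter, so it should read `__( 'The current user can post unfiltered HTML markup and JavaScript.' )`. The new `current_user_can( 'unfiltered_html' )` check in the first hunk would also benefit from a comment such as `// Advisory hint for API clients only; content filtering on save must not depend on this link.`, since a client-visible rel is easy to mistake for the authorization decision itself. The save path is not visible here, so that server-side filtering stays keyed to the same capability is assumed rather than confirmed. Both enclosing methods start and end outside the hunks.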
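diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php
index d8c4936060..4893cb8470 100644
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -3590,6 +3590,42 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 $this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links );
 }
 
+public function test_assign_unfiltered_html_action_superadmin() {
+$post_id = self::factory()->post->create();
+wp_set_current_user( self::$superadmin_id );
+$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
+$request->set_param( 'context', 'edit' );
+$response = rest_do_request( $request );
+$links = $response->get_links();
+$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
+}
+
+public function test_assign_unfiltered_html_action_editor() {
+$post_id = self::factory()->post->create();
+wp_set_current_user( self::$editor_id );
+$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
+$request->set_param( 'context', 'edit' );
+$response = rest_do_request( $request );
+$links = $response->get_links();
+// Editors can only unfiltered html on single site.
+if ( is_multisite() ) {
+$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
+} else {
+$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
+}
+}
+
+public function test_assign_unfiltered_html_action_author() {
+$post_id = self::factory()->post->create();
+wp_set_current_user( self::$author_id );
+$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
+$request->set_param( 'context', 'edit' );
+$response = rest_do_request( $request );
+$links = $response->get_links();
+// Authors can't ever unfiltered html
+$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
+}
+
 public function tearDown() {
 _unregister_post_type( 'youseeeme' );
 if ( isset( $this->attachment_id ) ) {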
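Review bot: `test_assign_unfiltered_html_action_author()` can pass without exercising the new capability check: the post is created before `wp_set_current_user( self::$author_id )`, so it is probably not owned by the author, and an `edit`-context request for someone else's post is likely rejected, leaving `$links` empty. Creating the fixture with `self::factory()->post->create( array( 'post_author' => self::$author_id ) )` and adding `$this->assertSame( 200, $response->get_status() );` before the link assertion would make the negative assertion meaningful; the multisite branch of the editor test would benefit from the same status assertion. The two inline comments would read better as `// Editors have unfiltered_html only on single-site installs.` and `// Authors never have unfiltered_html.`. The enclosing test class starts and ends outside the hunk.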