WordPress.org

Make WordPress Core

Ticket #46723: 46723.patch

File 46723.patch, 942 bytes (added by miyauchi, 8 months ago)

It allows to access /themes endpoints if the user has upload_files capability.

  • src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php

    diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
    index dbfaa839cb..3494a1f78c 100644
    class WP_REST_Themes_Controller extends WP_REST_Controller { 
    5858         * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
    5959         */
    6060        public function get_items_permissions_check( $request ) {
    61                 if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
     61                if ( ! is_user_logged_in() || ! ( current_user_can( 'edit_posts' ) || current_user_can( 'upload_files' ) ) ) {
    6262                        return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to view themes.' ), array( 'status' => rest_authorization_required_code() ) );
    6363                }
    6464