Changeset 38911

Timestamp:

10/25/2016 05:12:18 PM (8 years ago)

Author:

joehoyle

Message:

REST API: Validate posts status enum

Currently we are using a different validate callback, so the enum is not interpretted. We just have to fallback to the result of rest_validate_request_arg in our custom wrapper function.

Fixes #38417.

Location:

trunk

Files:

• src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (1 diff)
• tests/phpunit/tests/rest-api/rest-posts-controller.php (modified) (1 diff)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -1948 +1948 @@
     public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
         if ( 'publish' === $value ) {
-            return true;
+            return rest_validate_request_arg( $value, $request, $parameter );
         }
         $post_type_obj = get_post_type_object( $this->post_type );
         if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
-            return true;
+            return rest_validate_request_arg( $value, $request, $parameter );
         }
         return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );

trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -239 +239 @@
         $this->assertEquals( 200, $response->get_status() );
         $this->assertEquals( 1, count( $response->get_data() ) );
+    }
+
+    public function test_get_items_invalid_status_query() {
+        wp_set_current_user( 0 );
+        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request->set_param( 'status', 'invalid' );
+        $response = $this->server->dispatch( $request );
+        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
     }