WordPress.org

Make WordPress Core


Ignore:
Timestamp:
11/18/16 19:06:26 (12 months ago)
Author:
joehoyle
Message:

REST API: Check read permissions on posts when viewing comments.

With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r39292 r39295  
    14551455    protected function check_read_post_permission( $post ) { 
    14561456        $posts_controller = new WP_REST_Posts_Controller( $post->post_type ); 
     1457        $post_type = get_post_type_object( $post->post_type ); 
     1458 
     1459        if ( post_password_required( $post ) ) { 
     1460            return current_user_can( $post_type->cap->edit_post, $post->ID ); 
     1461        } 
    14571462 
    14581463        return $posts_controller->check_read_permission( $post ); 
Note: See TracChangeset for help on using the changeset viewer.