Make WordPress Core

Changeset 39595


Ignore:
Timestamp:
12/13/2016 03:51:01 AM (8 years ago)
Author:
jnylen0
Message:

REST API: Do not include the password argument when getting media items

Currently, attachment is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Fixes #38977.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

    r39440 r39595  
    7878        ) );
    7979
     80        $schema = $this->get_item_schema();
     81        $get_item_args = array(
     82            'context'  => $this->get_context_param( array( 'default' => 'view' ) ),
     83        );
     84        if ( isset( $schema['properties']['password'] ) ) {
     85            $get_item_args['password'] = array(
     86                'description' => __( 'The password for the post if it is password protected.' ),
     87                'type'        => 'string',
     88            );
     89        }
    8090        register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
    8191            array(
     
    8393                'callback'            => array( $this, 'get_item' ),
    8494                'permission_callback' => array( $this, 'get_item_permissions_check' ),
    85                 'args'                => array(
    86                     'context'  => $this->get_context_param( array( 'default' => 'view' ) ),
    87                     'password' => array(
    88                         'description' => __( 'The password for the post if it is password protected.' ),
    89                         'type'        => 'string',
    90                     ),
    91                 ),
     95                'args'                => $get_item_args,
    9296            ),
    9397            array(
  • trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php

    r39182 r39595  
    171171        }
    172172        $this->assertEqualSets( $media_types, $data['endpoints'][0]['args']['media_type']['enum'] );
     173    }
     174
     175    public function test_registered_get_item_params() {
     176        $id1 = $this->factory->attachment->create_object( $this->test_file, 0, array(
     177            'post_mime_type' => 'image/jpeg',
     178            'post_excerpt'   => 'A sample caption',
     179        ) );
     180        $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) );
     181        $response = $this->server->dispatch( $request );
     182        $data = $response->get_data();
     183        $keys = array_keys( $data['endpoints'][0]['args'] );
     184        sort( $keys );
     185        $this->assertEquals( array( 'context' ), $keys );
    173186    }
    174187
  • trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

    r39440 r39595  
    120120            'tags_exclude',
    121121            ), $keys );
     122    }
     123
     124    public function test_registered_get_item_params() {
     125        $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
     126        $response = $this->server->dispatch( $request );
     127        $data = $response->get_data();
     128        $keys = array_keys( $data['endpoints'][0]['args'] );
     129        sort( $keys );
     130        $this->assertEquals( array( 'context', 'password' ), $keys );
    122131    }
    123132
Note: See TracChangeset for help on using the changeset viewer.