- Timestamp:
- 01/26/2017 01:38:27 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
r39488 r39954 72 72 73 73 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array( 74 'args' => array( 75 'parent' => array( 76 'description' => __( 'The ID for the parent of the object.' ), 77 'type' => 'integer', 78 ), 79 ), 74 80 array( 75 81 'methods' => WP_REST_Server::READABLE, … … 82 88 83 89 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array( 90 'args' => array( 91 'parent' => array( 92 'description' => __( 'The ID for the parent of the object.' ), 93 'type' => 'integer', 94 ), 95 'id' => array( 96 'description' => __( 'Unique identifier for the object.' ), 97 'type' => 'integer', 98 ), 99 ), 84 100 array( 85 101 'methods' => WP_REST_Server::READABLE, … … 108 124 109 125 /** 126 * Get the parent post, if the ID is valid. 127 * 128 * @since 4.7.2 129 * 130 * @param int $id Supplied ID. 131 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. 132 */ 133 protected function get_parent( $parent ) { 134 $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); 135 if ( (int) $parent <= 0 ) { 136 return $error; 137 } 138 139 $parent = get_post( (int) $parent ); 140 if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) { 141 return $error; 142 } 143 144 return $parent; 145 } 146 147 /** 110 148 * Checks if a given request has access to get revisions. 111 149 * … … 117 155 */ 118 156 public function get_items_permissions_check( $request ) { 119 120 $parent = get_post( $request['parent'] );121 if ( ! $parent ) {122 return true;123 } 157 $parent = $this->get_parent( $request['parent'] ); 158 if ( is_wp_error( $parent ) ) { 159 return $parent; 160 } 161 124 162 $parent_post_type_obj = get_post_type_object( $parent->post_type ); 125 163 if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { … … 131 169 132 170 /** 171 * Get the revision, if the ID is valid. 172 * 173 * @since 4.7.2 174 * 175 * @param int $id Supplied ID. 176 * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. 177 */ 178 protected function get_revision( $id ) { 179 $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); 180 if ( (int) $id <= 0 ) { 181 return $error; 182 } 183 184 $revision = get_post( (int) $id ); 185 if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) { 186 return $error; 187 } 188 189 return $revision; 190 } 191 192 /** 133 193 * Gets a collection of revisions. 134 194 * … … 140 200 */ 141 201 public function get_items( $request ) { 142 $parent = get_post( $request['parent'] );143 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {144 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );202 $parent = $this->get_parent( $request['parent'] ); 203 if ( is_wp_error( $parent ) ) { 204 return $parent; 145 205 } 146 206 … … 178 238 */ 179 239 public function get_item( $request ) { 180 $parent = get_post( $request['parent'] );181 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {182 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );183 } 184 185 $revision = get_post( $request['id'] );186 if ( ! $revision || 'revision' !== $revision->post_type) {187 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );240 $parent = $this->get_parent( $request['parent'] ); 241 if ( is_wp_error( $parent ) ) { 242 return $parent; 243 } 244 245 $revision = $this->get_revision( $request['id'] ); 246 if ( is_wp_error( $revision ) ) { 247 return $revision; 188 248 } 189 249 … … 202 262 */ 203 263 public function delete_item_permissions_check( $request ) { 264 $parent = $this->get_parent( $request['parent'] ); 265 if ( is_wp_error( $parent ) ) { 266 return $parent; 267 } 268 269 $revision = $this->get_revision( $request['id'] ); 270 if ( is_wp_error( $revision ) ) { 271 return $revision; 272 } 204 273 205 274 $response = $this->get_items_permissions_check( $request ); … … 208 277 } 209 278 210 $post = get_post( $request['id'] );211 if ( ! $post ) {212 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );213 }214 279 $post_type = get_post_type_object( 'revision' ); 215 return current_user_can( $post_type->cap->delete_post, $ post->ID );280 return current_user_can( $post_type->cap->delete_post, $revision->ID ); 216 281 } 217 282 … … 226 291 */ 227 292 public function delete_item( $request ) { 293 $revision = $this->get_revision( $request['id'] ); 294 if ( is_wp_error( $revision ) ) { 295 return $revision; 296 } 297 228 298 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 229 299 … … 233 303 } 234 304 235 $revision = get_post( $request['id'] );236 305 $previous = $this->prepare_item_for_response( $revision, $request ); 237 306
Note: See TracChangeset
for help on using the changeset viewer.