WordPress.org

Make WordPress Core

Changeset 42422


Ignore:
Timestamp:
12/30/2017 08:48:10 PM (3 years ago)
Author:
rachelbaker
Message:

REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().

Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Merges [42421] to the 4.9 branch.

Props jaswrks.
Fixes #42828.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/rest-api/class-wp-rest-server.php

    r41223 r42422  
    909909                            $response = $permission;
    910910                        } elseif ( false === $permission || null === $permission ) {
    911                             $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) );
     911                            $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );
    912912                        }
    913913                    }
Note: See TracChangeset for help on using the changeset viewer.