WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/24/2020 04:02:34 PM (11 months ago)
Author:
TimothyBlynJacobs
Message:

REST API: Don't validate status if it hasn't changed.

In particular, this allows for sending status=inherit to an attachment if it's current status is inherit. This status would be rejected because it is an "internal" post status which isn't exposed.

As a general rule, a developer should always be able to PUT back a GET response without error.

Props dfenton, pputzer, TimothyBlynJacobs.
Fixes #40399.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

    r49301 r49302  
    10531053     */
    10541054    protected function prepare_item_for_database( $request ) {
    1055         $prepared_post = new stdClass();
     1055        $prepared_post  = new stdClass();
     1056        $current_status = '';
    10561057
    10571058        // Post ID.
     
    10631064
    10641065            $prepared_post->ID = $existing_post->ID;
     1066            $current_status    = $existing_post->post_status;
    10651067        }
    10661068
     
    11061108
    11071109        // Post status.
    1108         if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) ) {
     1110        if (
     1111            ! empty( $schema['properties']['status'] ) &&
     1112            isset( $request['status'] ) &&
     1113            ( ! $current_status || $current_status !== $request['status'] )
     1114        ) {
    11091115            $status = $this->handle_status_param( $request['status'], $post_type );
    11101116
     
    12541260        return apply_filters( "rest_pre_insert_{$this->post_type}", $prepared_post, $request );
    12551261
     1262    }
     1263
     1264    /**
     1265     * Checks whether the status is valid for the given post.
     1266     *
     1267     * Allows for sending an update request with the current status, even if that status would not be acceptable.
     1268     *
     1269     * @since 5.6.0
     1270     *
     1271     * @param string          $status  The provided status.
     1272     * @param WP_REST_Request $request The request object.
     1273     * @param string          $param   The parameter name.
     1274     * @return true|WP_Error True if the status is valid, or WP_Error if not.
     1275     */
     1276    public function check_status( $status, $request, $param ) {
     1277        if ( $request['id'] ) {
     1278            $post = $this->get_post( $request['id'] );
     1279
     1280            if ( ! is_wp_error( $post ) && $post->post_status === $status ) {
     1281                return true;
     1282            }
     1283        }
     1284
     1285        $args = $request->get_attributes()['args'][ $param ];
     1286
     1287        return rest_validate_value_from_schema( $status, $args, $param );
    12561288    }
    12571289
     
    21162148                    'enum'        => array_keys( get_post_stati( array( 'internal' => false ) ) ),
    21172149                    'context'     => array( 'view', 'edit' ),
     2150                    'arg_options' => array(
     2151                        'validate_callback' => array( $this, 'check_status' ),
     2152                    ),
    21182153                ),
    21192154                'type'         => array(
Note: See TracChangeset for help on using the changeset viewer.