Changeset 50734 for branches/4.8
- Timestamp:
- 04/15/2021 01:14:49 AM (3 years ago)
- Location:
- branches/4.8
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.8
-
branches/4.8/src/wp-admin/about.php
r49416 r50734 46 46 <div class="changelog point-releases"> 47 47 <h3><?php _e( 'Maintenance and Security Releases' ); ?></h3> 48 <p> 49 <?php 50 printf( 51 /* translators: %s: WordPress version number */ 52 __( '<strong>Version %s</strong> addressed some security issues.' ), 53 '4.8.16' 54 ); 55 ?> 56 <?php 57 printf( 58 /* translators: %s: HelpHub URL */ 59 __( 'For more information, see <a href="%s">the release notes</a>.' ), 60 sprintf( 61 /* translators: %s: WordPress version */ 62 esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ), 63 sanitize_title( '4.8.16' ) 64 ) 65 ); 66 ?> 67 </p> 48 68 <p> 49 69 <?php -
branches/4.8/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r46917 r50734 34 34 */ 35 35 protected $meta; 36 37 /** 38 * Passwordless post access permitted. 39 * 40 * @since 5.7.1 41 * @var int[] 42 */ 43 protected $password_check_passed = array(); 36 44 37 45 /** … … 144 152 145 153 /** 154 * Override the result of the post password check for REST requested posts. 155 * 156 * Allow users to read the content of password protected posts if they have 157 * previously passed a permission check or if they have the `edit_post` capability 158 * for the post being checked. 159 * 160 * @since 5.7.1 161 * 162 * @param bool $required Whether the post requires a password check. 163 * @param WP_Post $post The post been password checked. 164 * @return bool Result of password check taking in to account REST API considerations. 165 */ 166 public function check_password_required( $required, $post ) { 167 if ( ! $required ) { 168 return $required; 169 } 170 171 $post = get_post( $post ); 172 173 if ( ! $post ) { 174 return $required; 175 } 176 177 if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) { 178 // Password previously checked and approved. 179 return false; 180 } 181 182 return ! current_user_can( 'edit_post', $post->ID ); 183 } 184 185 /** 146 186 * Retrieves a collection of posts. 147 187 * … … 299 339 // Allow access to all password protected posts if the context is edit. 300 340 if ( 'edit' === $request['context'] ) { 301 add_filter( 'post_password_required', '__return_false');341 add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); 302 342 } 303 343 … … 315 355 // Reset filter. 316 356 if ( 'edit' === $request['context'] ) { 317 remove_filter( 'post_password_required', '__return_false');357 remove_filter( 'post_password_required', array( $this, 'check_password_required' ) ); 318 358 } 319 359 … … 414 454 // Allow access to all password protected posts if the context is edit. 415 455 if ( 'edit' === $request['context'] ) { 416 add_filter( 'post_password_required', '__return_false');456 add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); 417 457 } 418 458 … … 443 483 } 444 484 445 // Edit context always gets access to password-protected posts. 446 if ( 'edit' === $request['context'] ) { 485 /* 486 * Users always gets access to password protected content in the edit 487 * context if they have the `edit_post` meta capability. 488 */ 489 if ( 490 'edit' === $request['context'] && 491 current_user_can( 'edit_post', $post->ID ) 492 ) { 447 493 return true; 448 494 } … … 1468 1514 1469 1515 if ( $this->can_access_password_content( $post, $request ) ) { 1516 $this->password_check_passed[ $post->ID ] = true; 1470 1517 // Allow access to the post, permissions already checked before. 1471 add_filter( 'post_password_required', '__return_false');1518 add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); 1472 1519 1473 1520 $has_password_filter = true; … … 1495 1542 if ( $has_password_filter ) { 1496 1543 // Reset filter. 1497 remove_filter( 'post_password_required', '__return_false');1544 remove_filter( 'post_password_required', array( $this, 'check_password_required' ) ); 1498 1545 } 1499 1546
Note: See TracChangeset
for help on using the changeset viewer.