Context Navigation

← Previous Change
Next Change →

class-wp-rest-meta-fields.php

Timestamp:

06/27/2023 05:24:44 PM (23 months ago)

Author:

kadamwhite

Message:

REST API: Check post meta update authorization only when value is changed.

Resolves a bug where a post save will be reported as failed if the post includes any meta keys the current user does not have authorization to update, even when those meta values are unchanged.
Write authorization is now checked for a meta key only when the value of that key has changed, so that passing a REST response back unchanged will not cause failures.
Authorization is only needed when data will be updated.

Props ckoerner, TimothyBlynJacobs, spacedmonkey

File:

: 1 edited

trunk/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

-                      r54133
+                      r56075
         $meta_type = $this->get_meta_type();
+        // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
+        $old_value = get_metadata( $meta_type, $object_id, $meta_key );
+        $subtype   = get_object_subtype( $meta_type, $object_id );
+        if ( is_array( $old_value ) && 1 === count( $old_value )
+            && $this->is_meta_value_same_as_stored_value( $meta_key, $subtype, $old_value[0], $value )
+        ) {
+            return true;
+        }
         if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
             return new WP_Error(
 …
+                )
             );
+        }
-        // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
-        $old_value = get_metadata( $meta_type, $object_id, $meta_key );
-        $subtype   = get_object_subtype( $meta_type, $object_id );
-        if ( is_array( $old_value ) && 1 === count( $old_value )
-            && $this->is_meta_value_same_as_stored_value( $meta_key, $subtype, $old_value[0], $value )
-        ) {
-            return true;
+        }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 56075 for trunk/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

Legend:

trunk/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

Download in other formats: