WordPress.org
Get WordPress

Make WordPress Core

Changeset 60357


Ignore:
Timestamp:
06/27/2025 02:25:07 PM (2 weeks ago)
Author:
johnbillion
Message:

Options, Meta APIs: Account for URL query parameters when checking the validity of requests to the /wp/v2/settings REST API route.

Follow-up to [60301].

Props sheldorofazeroth, Mamaduka, wildworks, johnbillion

Fixes #41604

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php

    r60301 r60357  
    146146        $options = $this->get_registered_options();
    147147
    148         $params = $request->get_params();
     148        $params = array_diff_key( $request->get_params(), $request->get_query_params() );
    149149
    150150        if ( empty( $params ) || ! empty( array_diff_key( $params, $options ) ) ) {

  • trunk/tests/phpunit/tests/rest-api/rest-settings-controller.php

    r60301 r60357  
    398398    }
    399399
     400    /**
     401     * @ticket 41604
     402     */
    400403    public function test_update_item() {
    401404        wp_set_current_user( self::$administrator );
     
    411414    }
    412415
     416    /**
     417     * @ticket 41604
     418     */
     419    public function test_update_item_with_global_parameters_present() {
     420        wp_set_current_user( self::$administrator );
     421
     422        $request = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
     423        $request->set_param( 'title', 'The new title!' );
     424        $request->set_url_params( array( '_locale' => 'user' ) );
     425        $response = rest_get_server()->dispatch( $request );
     426        $data     = $response->get_data();
     427
     428        $this->assertSame( 200, $response->get_status() );
     429        $this->assertSame( 'The new title!', $data['title'] );
     430        $this->assertSame( get_option( 'blogname' ), $data['title'] );
     431    }
     432
     433    /**
     434     * @ticket 41604
     435     */
     436    public function test_update_item_with_empty_body() {
     437        wp_set_current_user( self::$administrator );
     438
     439        $request  = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
     440        $response = rest_get_server()->dispatch( $request );
     441        $data     = $response->get_data();
     442
     443        $this->assertSame( 400, $response->get_status() );
     444    }
     445
     446    /**
     447     * @ticket 41604
     448     */
    413449    public function test_update_nonexistent_item() {
    414450        wp_set_current_user( self::$administrator );
     
    421457    }
    422458
     459    /**
     460     * @ticket 41604
     461     */
    423462    public function test_update_partially_valid_items() {
    424463        wp_set_current_user( self::$administrator );
Note: See TracChangeset for help on using the changeset viewer.