Changeset 60838 for branches/4.8/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

Timestamp:

09/30/2025 05:06:32 PM (6 months ago)

Author:

desrosj

Message:

Grouped backports for the 4.8 branch.

• REST API: Increase the specificity of capability checks for collections when the edit context is in use.
• Menus: Prevent HTML in menu item titles from being rendered unexpectedly.

Merges [60814], [60815], [60816] to the 4.8 branch.

Props andraganescu, desrosj, ehti, hurayraiit, iandunn, joehoyle, johnbillion, jorbin, mnelson4, noisysocks, peterwilsoncc, phillsav, rmccue, timothyblynjacobs, vortfu, westonruter , whyisjake, zieladam.

Location:

branches/4.8

Files:

• . (modified) (1 prop)
• src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (1 diff)

branches/4.8/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -345 +345 @@
 
         foreach ( $query_result as $post ) {
-            if ( ! $this->check_read_permission( $post ) ) {
+            if ( 'edit' === $request['context'] ) {
+                $permission = $this->check_update_permission( $post );
+            } else {
+                $permission = $this->check_read_permission( $post );
+            }
+
+            if ( ! $permission ) {
                 continue;
             }