Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#38919 closed defect (bug) (fixed)

REST API: Can't unset password

Reported by: iseulde Owned by: joehoyle
Milestone: 4.7 Priority: normal
Severity: normal Version: 4.7
Component: REST API Keywords: has-patch has-unit-tests
Focuses: Cc:


Once a password is set, it's not possible to unset it. The password is explicitly prevented from being set when it's an empty string:

if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) && '' !== $request['password'] ) {
  $prepared_post->post_password = $request['password'];

Is there a reason for this? Not sure if I'm missing something.

Attachments (1)

38919.1.diff (2.7 KB) - added by danielbachhuber 4 years ago.

Download all attachments as: .zip

Change History (8)

#1 @danielbachhuber
4 years ago

  • Keywords has-patch has-unit-tests added
  • Milestone changed from Awaiting Review to 4.7


#2 @iseulde
4 years ago

Nice. Works well.

#3 @swissspidy
4 years ago

Why are there two separate error messages? 'A post can not be sticky and have a password.' and 'A sticky post can not be password protected.'

This ticket was mentioned in Slack in #core by helen. View the logs.

4 years ago

#5 @danielbachhuber
4 years ago

@swissspidy Technically, there are two separate scenarios: Post already has sticky=true, vs. sticky=true is in the request.

This ticket was mentioned in Slack in #core-restapi by danielbachhuber. View the logs.

4 years ago

#7 @joehoyle
4 years ago

  • Owner set to joehoyle
  • Resolution set to fixed
  • Status changed from new to closed

In 39352:

REST API: Allow unsetting a post’s password.

Props danielbachhuber, iseulde.
Fixes #38919.

Note: See TracTickets for help on using tickets.