#39012 closed defect (bug) (fixed)
REST API: Capability check for editing a single term should use the singular form
Reported by: | johnbillion | Owned by: | pento |
---|---|---|---|
Milestone: | 4.7 | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | Taxonomy | Keywords: | has-patch commit dev-reviewed |
Focuses: | rest-api | Cc: |
Description
The capability check used in WP_REST_Terms_Controller::get_item_permissions_check()
is edit_terms
, but it should be edit_term
with the associated term ID.
The docblock description also needs correcting.
Attachments (2)
Change History (8)
#4
@
8 years ago
@dd32 @pento and I are discussing both this and #35614 -- and the map_meta_cap() really needs an (int)
here because there's always been weird gremlins in the terms API about numeric strings being thought about as slugs.
$request['id']
is also cast to an int everywhere else in this file. I suggest we put it in both places.
Note: See
TracTickets for help on using
tickets.
Looks good.
I don't think it needs unit tests, short of adding tests for all combinations of singular/plural capabilities.