Make WordPress Core

Opened 7 years ago

Last modified 7 years ago

#41604 new defect (bug)

REST API: Attempting to create or update a non-existent setting doesn't return an error response

Reported by: johnbillion's profile johnbillion Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords: needs-patch
Focuses: rest-api Cc:


Attempting to create a new setting via a POST request to /wp/v2/settings returns a 200 response, despite the request having been invalid. The same goes for attempting to update a non-existent setting with a PUT request.

I would have expected maybe a 400 from such requests.

The internal logic in WP_REST_Settings_Controller routes the request through the update_item() method, treats it as a setting update, and silently ignores the problem.

Attachments (1)

41604.test.patch (787 bytes) - added by johnbillion 7 years ago.

Download all attachments as: .zip

Change History (2)

#1 @johnbillion
7 years ago

The test in 41604.test.patch demonstrates the issue.

Note: See TracTickets for help on using tickets.