Make WordPress Core

Opened 5 weeks ago

#44119 new enhancement

WP API post status queries don't work with custom public post stati

Reported by: hurtige Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.5
Component: REST API Keywords:
Focuses: Cc:


The WP API only allows unpriv list requests to the posts controller for the publish status.

Shouldn't custom post stati with 'public' => true, 'private' => false be query-able like so?


Currently, requests for posts with a custom post stati result in:

{"code":"rest_invalid_param","message":"Invalid parameter(s): status","data":{"status":400,"params":{"status":"Status is forbidden."}}}

I've tested this behavior with the Codex provided custom post type example:

register_post_status( 'unread', array(
	'label'                     => _x( 'Unread', 'post' ),
	'public'                    => true,
	'exclude_from_search'       => false,
	'show_in_admin_all_list'    => true,
	'show_in_admin_status_list' => true,
	'label_count'               => _n_noop( 'Unread <span class="count">(%s)</span>', 'Unread <span class="count">(%s)</span>' ),
) );

and tracked this back to sanitize_posts_statuses in WP_REST_Posts_Controller which assumes all post stati that differ from the default (publish) must be private and require edit_posts https://github.com/WordPress/WordPress/blob/4.9.5/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L2279

Change History (0)

Note: See TracTickets for help on using tickets.