Grouped merges for 4.8.16.
* REST API: Allow authors to read their own password protected posts. * About page update Merges [50717] to the 4.8 branch. Built from https://develop.svn.wordpress.org/branches/4.8@50734 git-svn-id: http://core.svn.wordpress.org/branches/4.8@50343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
8ebf24672f
commit
0632e81b28
|
@ -45,6 +45,26 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||||
|
|
||||||
<div class="changelog point-releases">
|
<div class="changelog point-releases">
|
||||||
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
|
<h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
|
||||||
|
<p>
|
||||||
|
<?php
|
||||||
|
printf(
|
||||||
|
/* translators: %s: WordPress version number */
|
||||||
|
__( '<strong>Version %s</strong> addressed some security issues.' ),
|
||||||
|
'4.8.16'
|
||||||
|
);
|
||||||
|
?>
|
||||||
|
<?php
|
||||||
|
printf(
|
||||||
|
/* translators: %s: HelpHub URL */
|
||||||
|
__( 'For more information, see <a href="%s">the release notes</a>.' ),
|
||||||
|
sprintf(
|
||||||
|
/* translators: %s: WordPress version */
|
||||||
|
esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
|
||||||
|
sanitize_title( '4.8.16' )
|
||||||
|
)
|
||||||
|
);
|
||||||
|
?>
|
||||||
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<?php
|
<?php
|
||||||
printf(
|
printf(
|
||||||
|
|
|
@ -34,6 +34,14 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
*/
|
*/
|
||||||
protected $meta;
|
protected $meta;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Passwordless post access permitted.
|
||||||
|
*
|
||||||
|
* @since 5.7.1
|
||||||
|
* @var int[]
|
||||||
|
*/
|
||||||
|
protected $password_check_passed = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
|
@ -142,6 +150,38 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Override the result of the post password check for REST requested posts.
|
||||||
|
*
|
||||||
|
* Allow users to read the content of password protected posts if they have
|
||||||
|
* previously passed a permission check or if they have the `edit_post` capability
|
||||||
|
* for the post being checked.
|
||||||
|
*
|
||||||
|
* @since 5.7.1
|
||||||
|
*
|
||||||
|
* @param bool $required Whether the post requires a password check.
|
||||||
|
* @param WP_Post $post The post been password checked.
|
||||||
|
* @return bool Result of password check taking in to account REST API considerations.
|
||||||
|
*/
|
||||||
|
public function check_password_required( $required, $post ) {
|
||||||
|
if ( ! $required ) {
|
||||||
|
return $required;
|
||||||
|
}
|
||||||
|
|
||||||
|
$post = get_post( $post );
|
||||||
|
|
||||||
|
if ( ! $post ) {
|
||||||
|
return $required;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) {
|
||||||
|
// Password previously checked and approved.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ! current_user_can( 'edit_post', $post->ID );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieves a collection of posts.
|
* Retrieves a collection of posts.
|
||||||
*
|
*
|
||||||
|
@ -298,7 +338,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
// Allow access to all password protected posts if the context is edit.
|
// Allow access to all password protected posts if the context is edit.
|
||||||
if ( 'edit' === $request['context'] ) {
|
if ( 'edit' === $request['context'] ) {
|
||||||
add_filter( 'post_password_required', '__return_false' );
|
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
$posts = array();
|
$posts = array();
|
||||||
|
@ -314,7 +354,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
// Reset filter.
|
// Reset filter.
|
||||||
if ( 'edit' === $request['context'] ) {
|
if ( 'edit' === $request['context'] ) {
|
||||||
remove_filter( 'post_password_required', '__return_false' );
|
remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
$page = (int) $query_args['paged'];
|
$page = (int) $query_args['paged'];
|
||||||
|
@ -413,7 +453,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
// Allow access to all password protected posts if the context is edit.
|
// Allow access to all password protected posts if the context is edit.
|
||||||
if ( 'edit' === $request['context'] ) {
|
if ( 'edit' === $request['context'] ) {
|
||||||
add_filter( 'post_password_required', '__return_false' );
|
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $post ) {
|
if ( $post ) {
|
||||||
|
@ -442,8 +482,14 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Edit context always gets access to password-protected posts.
|
/*
|
||||||
if ( 'edit' === $request['context'] ) {
|
* Users always gets access to password protected content in the edit
|
||||||
|
* context if they have the `edit_post` meta capability.
|
||||||
|
*/
|
||||||
|
if (
|
||||||
|
'edit' === $request['context'] &&
|
||||||
|
current_user_can( 'edit_post', $post->ID )
|
||||||
|
) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1467,8 +1513,9 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
$has_password_filter = false;
|
$has_password_filter = false;
|
||||||
|
|
||||||
if ( $this->can_access_password_content( $post, $request ) ) {
|
if ( $this->can_access_password_content( $post, $request ) ) {
|
||||||
|
$this->password_check_passed[ $post->ID ] = true;
|
||||||
// Allow access to the post, permissions already checked before.
|
// Allow access to the post, permissions already checked before.
|
||||||
add_filter( 'post_password_required', '__return_false' );
|
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
|
||||||
|
|
||||||
$has_password_filter = true;
|
$has_password_filter = true;
|
||||||
}
|
}
|
||||||
|
@ -1494,7 +1541,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
if ( $has_password_filter ) {
|
if ( $has_password_filter ) {
|
||||||
// Reset filter.
|
// Reset filter.
|
||||||
remove_filter( 'post_password_required', '__return_false' );
|
remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! empty( $schema['properties']['author'] ) ) {
|
if ( ! empty( $schema['properties']['author'] ) ) {
|
||||||
|
|
Loading…
Reference in New Issue