REST API: Allow unsetting a post’s password.

Props danielbachhuber, iseulde.
Fixes #38919.
Built from https://develop.svn.wordpress.org/trunk@39352


git-svn-id: http://core.svn.wordpress.org/trunk@39292 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -973,9 +973,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 		}
 
 		// Post password.
-		if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) && '' !== $request['password'] ) {
+		if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) {
 			$prepared_post->post_password = $request['password'];
 
+			if ( '' !== $request['password'] ) {
 				if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
 					return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) );
 				}
@@ -984,6 +985,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 					return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) );
 				}
 			}
+		}
 
 		if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
 			if ( ! empty( $prepared_post->ID ) && post_password_required( $prepared_post->ID ) ) {

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-beta4-39351';
+$wp_version = '4.7-beta4-39352';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.