REST API: Check post meta update authorization only when value is changed.
Resolves a bug where a post save will be reported as failed if the post includes any meta keys the current user does not have authorization to update, even when those meta values are unchanged. Write authorization is now checked for a meta key only when the value of that key has changed, so that passing a REST response back unchanged will not cause failures. Authorization is only needed when data will be updated. Props ckoerner, TimothyBlynJacobs, spacedmonkey Built from https://develop.svn.wordpress.org/trunk@56075 git-svn-id: http://core.svn.wordpress.org/trunk@55587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
80abb55903
commit
0d9723a44e
|
@ -368,6 +368,16 @@ abstract class WP_REST_Meta_Fields {
|
||||||
protected function update_meta_value( $object_id, $meta_key, $name, $value ) {
|
protected function update_meta_value( $object_id, $meta_key, $name, $value ) {
|
||||||
$meta_type = $this->get_meta_type();
|
$meta_type = $this->get_meta_type();
|
||||||
|
|
||||||
|
// Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
|
||||||
|
$old_value = get_metadata( $meta_type, $object_id, $meta_key );
|
||||||
|
$subtype = get_object_subtype( $meta_type, $object_id );
|
||||||
|
|
||||||
|
if ( is_array( $old_value ) && 1 === count( $old_value )
|
||||||
|
&& $this->is_meta_value_same_as_stored_value( $meta_key, $subtype, $old_value[0], $value )
|
||||||
|
) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
|
if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
|
||||||
return new WP_Error(
|
return new WP_Error(
|
||||||
'rest_cannot_update',
|
'rest_cannot_update',
|
||||||
|
@ -380,16 +390,6 @@ abstract class WP_REST_Meta_Fields {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
|
|
||||||
$old_value = get_metadata( $meta_type, $object_id, $meta_key );
|
|
||||||
$subtype = get_object_subtype( $meta_type, $object_id );
|
|
||||||
|
|
||||||
if ( is_array( $old_value ) && 1 === count( $old_value )
|
|
||||||
&& $this->is_meta_value_same_as_stored_value( $meta_key, $subtype, $old_value[0], $value )
|
|
||||||
) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
|
if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
|
||||||
return new WP_Error(
|
return new WP_Error(
|
||||||
'rest_meta_database_error',
|
'rest_meta_database_error',
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.3-alpha-56074';
|
$wp_version = '6.3-alpha-56075';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue