WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-16 11:35:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

REST API: Require the reassign parameter when deleting users.

Browse Source 
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/trunk@39426


git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Gary Pendergast 2016-12-02 06:54:42 +00:00
parent b3ec5693a5
commit 161a41e44c
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
View File

@ -92,6 +92,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
'reassign' => array( 'reassign' => array(
'type' => 'integer', 'type' => 'integer',
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true,
'sanitize_callback' => array( $this, 'check_reassign' ),
), ),
), ),
), ),
@ -125,6 +127,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
'reassign' => array( 'reassign' => array(
'type' => 'integer', 'type' => 'integer',
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true,
'sanitize_callback' => array( $this, 'check_reassign' ),
), ),
), ),
), ),
@ -132,6 +136,31 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
)); ));
} }
/**
* Checks for a valid value for the reassign parameter when deleting users.
*
* The value can be an integer, 'false', false, or ''.
*
* @since 4.7.0
*
* @param int|bool $value The value passed to the reassign parameter.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter that is being sanitized.
*
* @return int|bool|WP_Error
*/
public function check_reassign( $value, $request, $param ) {
if ( is_numeric( $value ) ) {
return $value;
}
if ( empty( $value ) || false === $value || 'false' === $value ) {
return false;
}
return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
}
/** /**
* Permissions check for getting all users. * Permissions check for getting all users.
* *
@ -673,7 +702,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
*/ */
public function delete_item( $request ) { public function delete_item( $request ) {
$id = (int) $request['id']; $id = (int) $request['id'];
$reassign = isset( $request['reassign'] ) ? absint( $request['reassign'] ) : null; $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
$force = isset( $request['force'] ) ? (bool) $request['force'] : false; $force = isset( $request['force'] ) ? (bool) $request['force'] : false;
// We don't support trashing for users. // We don't support trashing for users.

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.8-alpha-39424'; $wp_version = '4.8-alpha-39426';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.