WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-03-09 07:00:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

REST API: Fix revisions controller get_item permission check.

Browse Source 
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.

Props sorenbronsted, yohannp, TimothyBlynJacobs.
Fixes #49645.

Built from https://develop.svn.wordpress.org/trunk@47547


git-svn-id: http://core.svn.wordpress.org/trunk@47322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
K. Adam White 2020-04-03 19:40:08 +00:00
parent 441001f29f
commit 51619c00a4
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
View File

@ -384,16 +384,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
return $parent; return $parent;
} }
$parent_post_type = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
return new WP_Error(
'rest_cannot_delete',
__( 'Sorry, you are not allowed to delete revisions of this post.' ),
array( 'status' => rest_authorization_required_code() )
);
}
$revision = $this->get_revision( $request['id'] ); $revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) { if ( is_wp_error( $revision ) ) {
return $revision; return $revision;
@ -417,6 +407,16 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
return $parent; return $parent;
} }
$parent_post_type = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
return new WP_Error(
'rest_cannot_delete',
__( 'Sorry, you are not allowed to delete revisions of this post.' ),
array( 'status' => rest_authorization_required_code() )
);
}
$revision = $this->get_revision( $request['id'] ); $revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) { if ( is_wp_error( $revision ) ) {
return $revision; return $revision;
@ -446,7 +446,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
* @since 4.7.0 * @since 4.7.0
* *
* @param WP_REST_Request $request Full details about the request. * @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True on success, or WP_Error object on failure. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/ */
public function delete_item( $request ) { public function delete_item( $request ) {
$revision = $this->get_revision( $request['id'] ); $revision = $this->get_revision( $request['id'] );

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.5-alpha-47546'; $wp_version = '5.5-alpha-47547';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.