Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-30 16:55:02 +02:00
Code Issues Projects Releases Wiki Activity

REST API: Fix revisions controller get_item permission check.

Browse Source 
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.

Bring this commit back to the 5.4 branch.

Props sorenbronsted, yohannp, TimothyBlynJacobs.

Fixes #49645.

Built from https://develop.svn.wordpress.org/branches/5.4@47562


git-svn-id: http://core.svn.wordpress.org/branches/5.4@47337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2020-04-09 22:52:07 +00:00
parent 2c5a618d63
commit 3b39d1e4a0
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
View File

@ -384,16 +384,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
return $parent;
}
$parent_post_type = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
return new WP_Error(
'rest_cannot_delete',
__( 'Sorry, you are not allowed to delete revisions of this post.' ),
array( 'status' => rest_authorization_required_code() )
);
}
$revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) {
return $revision;
@ -417,6 +407,16 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
return $parent;
}
$parent_post_type = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
return new WP_Error(
'rest_cannot_delete',
__( 'Sorry, you are not allowed to delete revisions of this post.' ),
array( 'status' => rest_authorization_required_code() )
);
}
$revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) {
return $revision;
@ -446,7 +446,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True on success, or WP_Error object on failure.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
$revision = $this->get_revision( $request['id'] );

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.4.1-alpha-47561';
$wp_version = '5.4.1-alpha-47562';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.