WordPress/wp-includes/rest-api
Felix Arntz eb8457d3f4 REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes #39701.

Built from https://develop.svn.wordpress.org/trunk@40106


git-svn-id: http://core.svn.wordpress.org/trunk@40043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 22:37:44 +00:00
endpoints REST API: Do not allow access to users from a different site in multisite. 2017-02-23 22:37:44 +00:00
fields REST API: Return a WP_Error if meta property is not an array. 2016-12-02 21:56:42 +00:00
class-wp-rest-request.php REST API: Correctly parse body parameters for DELETE requests. 2017-02-23 20:10:44 +00:00
class-wp-rest-response.php DOCS: Replace HTTP links with HTTPS. 2016-06-10 04:50:33 +00:00
class-wp-rest-server.php REST API: After [38947], improve the wording of the message to clarify that rest_authentication_errors is a filter. 2017-02-01 21:32:47 +00:00