Hoist is_object_in_taxonomy to fix invalid errors#10058
Hoist is_object_in_taxonomy to fix invalid errors#10058jkmassel wants to merge 1 commit intoWordPress:trunkfrom
is_object_in_taxonomy to fix invalid errors#10058Conversation
The `wp/v2/menus` API will return a 403 if the `post` parameter refers to a `post` object that isn’t a `nav_menu_item`. This isn’t a permissions issue – it’s just an invalid request, and the response should reflect that.
jkmassel
changed the title
is_object_in_taxonomy to fix invalid errors
|
Hi @jkmassel! 👋 Thank you for your contribution to WordPress! 💖 It looks like this is your first pull request to No one monitors this repository for new pull requests. Pull requests must be attached to a Trac ticket to be considered for inclusion in WordPress Core. To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description. Pull requests are never merged on GitHub. The WordPress codebase continues to be managed through the SVN repository that this GitHub repository mirrors. Please feel free to open pull requests to work on any contribution you are making. More information about how GitHub pull requests can be used to contribute to WordPress can be found in the Core Handbook. Please include automated tests. Including tests in your pull request is one way to help your patch be considered faster. To learn about WordPress' test suites, visit the Automated Testing page in the handbook. If you have not had a chance, please review the Contribute with Code page in the WordPress Core Handbook. The Developer Hub also documents the various coding standards that are followed:
Thank you, |
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN: To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
| * @return bool Whether the terms for the post can be read. | ||
| */ | ||
| public function check_read_terms_permission_for_post( $post, $request ) { | ||
| // If the requested post isn't associated with this taxonomy, deny access. |
There was a problem hiding this comment.
This isn't a permissions check, it's a request validity check, so IMHO it should be moved out of check_read_terms_permission_for_post.
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
1 participant
The
wp/v2/menusAPI will return a 403 if thepostparameter refers to apostobject that isn’t anav_menu_item. This isn’t a permissions issue – it’s just an invalid request, and the response should reflect that.Trac ticket: https://core.trac.wordpress.org/ticket/64045
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.