[wp-trac] [WordPress Trac] #42828: Hard-coded 403 status in REST response should use `rest_authorization_required_code()`
WordPress Trac
noreply at wordpress.org
Thu Dec 7 14:00:18 UTC 2017
#42828: Hard-coded 403 status in REST response should use
`rest_authorization_required_code()`
--------------------------+-----------------------------
Reporter: jaswrks | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
Line 911 in the `WP_REST_Server` class currently uses a hard-coded 403
error code. It should be calling upon `rest_authorization_required_code()`
to determine the proper response code; e.g., 401 instead of a 403 whenever
a user is not logged-in.
{{{#!php
<?php
$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not
allowed to do that.' ), array( 'status' => 403 ) );
}}}
Should be:
{{{#!php
<?php
$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not
allowed to do that.' ), array( 'status' =>
rest_authorization_required_code() ) );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42828>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list