[wp-trac] [WordPress Trac] #40383: Comments Controller is not checking permission of Custom Post Type controller class
WordPress Trac
noreply at wordpress.org
Fri Apr 7 10:07:39 UTC 2017
#40383: Comments Controller is not checking permission of Custom Post Type
controller class
--------------------------+-----------------------------
Reporter: langan | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7.3
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In class-wp-rest-comments-controller.php
{{{
protected function check_read_post_permission( $post, $request ) {
$posts_controller = new WP_REST_Posts_Controller(
$post->post_type );
}}}
$posts_controller is hard coded to use WP_REST_Posts_Controller
But what if you have set
{{{
'rest_controller_class' => 'Plugin_REST_CPT_Controller',
}}}
Shouldn't the check_read_post_permission function check for a custom post
type controller class first?
Something like this
{{{
protected function check_read_post_permission( $post, $request ) {
$post_type = get_post_type_object( $post->post_type );
$posts_controller_class = ! empty(
$post_type->rest_controller_class ) ? $post_type->rest_controller_class :
'WP_REST_Posts_Controller';
$posts_controller = new $posts_controller_class(
$post->post_type );
}}}
Would be happy to push a fix for this if needed
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40383>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list