[wp-trac] [WordPress Trac] #43709: Fix or remove the "delete revision" endpoint
WordPress Trac
noreply at wordpress.org
Wed Apr 18 12:40:22 UTC 2018
#43709: Fix or remove the "delete revision" endpoint
--------------------------------------+------------------------------
Reporter: azaozz | Owner: danielbachhuber
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 5.0
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Changes (by danielbachhuber):
* keywords: needs-patch => has-patch has-unit-tests
Comment:
In `43709.1.diff`:
* `do_not_allow` is always applied for a `delete_post` check on a
revision.
* `WP_REST_Revisions_Controller->delete_item_permissions_check()` also
verifies that the user can delete the parent post.
* Updates tests correspondingly.
Worth noting: always applying `do_not_allow` in `map_meta_cap()` will be a
breaking change for any code dependent on `current_user_can(
$revision_post_type_object->cap->delete_post, $revision->ID );`. However,
if this was the original intent, the change should be graceful.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43709#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list