[wp-trac] [WordPress Trac] #52112: get_test_rest_availability() test should point to different endpoint (where no current_user_can() check is made)

WordPress Trac noreply at wordpress.org
Fri Dec 18 10:45:56 UTC 2020


#52112: get_test_rest_availability() test should point to different endpoint (where
no current_user_can() check is made)
--------------------------+-----------------------------
 Reporter:  szaqal21      |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Site Health   |    Version:  5.6
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 When using system cron and the **wp_site_health_scheduled_check** event is
 triggered, there is no way to determine the user (the auth cookie isn't set,
 which causes wp_get_current_user() to return an "empty" user). This scenario
 results in the REST API being unavailable because the
 /wp-json/wp/v2/types/post?context=edit endpoint does a caps check:

 {{{#!php
 <?php
 if ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) {
     return new WP_Error(
         'rest_forbidden_context',
         __( 'Sorry, you are not allowed to edit posts in this post type.' ),
         array( 'status' => rest_authorization_required_code() )
     );
 }
 }}}

 Triggering Site Health from wp-admin (browser) works fine because the user
 is authenticated by the auth cookie.

 get_test_rest_availability() should check an endpoint where no caps check
 is made, or ?context=edit should be removed to bypass the caps check.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52112>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

