[wp-trac] [WordPress Trac] #52925: Autosaves controller: Post checks will never catch invalid IDs
WordPress Trac
noreply at wordpress.org
Sat Mar 27 00:28:03 UTC 2021
#52925: Autosaves controller: Post checks will never catch invalid IDs
--------------------------+-----------------------------
Reporter: coreymckrill | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The `create_item` and `create_post_autosave` methods both try to check if
the id parameter in a request is for a valid post, by calling the get_post
function. The problem is that both methods expect that if it's not a valid
post, it will return a WP_Error object, when in fact get_post only returns
null on failure.
The Posts controller has a protected get_post method that will generate an
appropriate WP_Error for this case, but neither the Autosaves, nor its
parent Revisions controller has a similar method. Copying that method to
the Revisions controller, and then using it in the `create_*` methods
seems like the best approach here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52925>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list