[wp-trac] [WordPress Trac] #52112: get_test_rest_availability() test should point to different endpoint (where no current_user_can() check is made)
WordPress Trac
noreply at wordpress.org
Fri Dec 18 10:45:56 UTC 2020
#52112: get_test_rest_availability() test should point to different endpoint (where
no current_user_can() check is made)
--------------------------+-----------------------------
Reporter: szaqal21 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version: 5.6
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Using system cron, when the **wp_site_health_scheduled_check** event is
triggered there is no way to determine the user (the auth cookie isn't set, which
causes wp_get_current_user() to return an "empty" user). This scenario results in the
REST API being unavailable because the /wp-json/wp/v2/types/post?context=edit
endpoint does a caps check:
{{{#!php
<?php
if ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) {
	return new WP_Error(
		'rest_forbidden_context',
		__( 'Sorry, you are not allowed to edit posts in this post type.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}
}}}
Triggering Site Health from wp-admin (browser) works fine because the user is
authenticated by the auth cookie.
get_test_rest_availability() should check an endpoint where no caps check is
made, or ?context=edit should be removed to bypass the caps check.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52112>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
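
The behaviour described in the ticket can be checked on a test site with the following script, which is an added example and not code from the ticket or from WordPress core. It assumes it is run inside a loaded WordPress install (for example with `wp eval-file`), dispatches the request internally instead of over HTTP, and sets the current user directly in place of the auth cookie; the function name `example_types_status` is hypothetical.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is already loaded,
// e.g. run as: wp eval-file rest-context-check.php (file name is an assumption).

/**
 * Dispatch GET /wp/v2/types/post as the given user and return the HTTP status.
 *
 * @param int         $user_id 0 means "no user", which is what a system-cron run sees.
 * @param string|null $context REST context parameter, or null to omit it.
 * @return int HTTP status code of the REST response.
 */
function example_types_status( $user_id, $context = null ) {
	wp_set_current_user( $user_id );

	$request = new WP_REST_Request( 'GET', '/wp/v2/types/post' );
	if ( null !== $context ) {
		$request->set_param( 'context', $context );
	}

	// rest_do_request() converts a WP_Error from the controller into a response,
	// so the status set by rest_authorization_required_code() is visible here.
	return rest_do_request( $request )->get_status();
}

// Pick any administrator on the site to stand in for the cookie-authenticated browser case.
$admins   = get_users( array( 'role' => 'administrator', 'number' => 1, 'fields' => 'ID' ) );
$admin_id = $admins ? (int) $admins[0] : 0;

$cases = array(
	'no user, context=edit (cron case)' => example_types_status( 0, 'edit' ),
	'no user, no context parameter'     => example_types_status( 0 ),
	'administrator, context=edit'       => $admin_id ? example_types_status( $admin_id, 'edit' ) : 'no administrator found',
);

foreach ( $cases as $label => $status ) {
	printf( "%-36s => %s\n", $label, $status );
}

// Leave the process with no current user, as it started.
wp_set_current_user( 0 );
```

On a default install the first case is the one the ticket describes: the capability check rejects the request because no user is set, while the same endpoint without `context=edit` answers normally.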