[wp-trac] [WordPress Trac] #65050: REST API: Comments controller returns 403 instead of 404 for invalid post ID in update_item()

WordPress Trac noreply at wordpress.org
Tue Apr 21 18:07:31 UTC 2026 

#65050: REST API: Comments controller returns 403 instead of 404 for invalid post
ID in update_item()
-----------------------------------------+-------------------------------
 Reporter:  saratheonline                |       Owner:  saratheonline
     Type:  defect (bug)                 |      Status:  assigned
 Priority:  normal                       |   Milestone:  7.1
Component:  REST API                     |     Version:  trunk
 Severity:  normal                       |  Resolution:
 Keywords:  has-patch changes-requested  |     Focuses:  coding-standards
-----------------------------------------+-------------------------------
Changes (by r1k0):

 * keywords:  has-patch needs-testing changes-requested => has-patch
     changes-requested


Comment:

 == Patch Testing Report

 Patch Tested: Link to the diff patch or GitHub Pull Request

 === Environment
 - WordPress: 7.1-alpha-62161-src
 - PHP: 8.3.30
 - Server: nginx/1.29.5
 - Database: mysqli (Server: 8.4.8 / Client: mysqlnd 8.3.30)
 - Browser: Chrome 147.0.0.0
 - OS: Windows 10/11
 - Theme: Twenty Twenty-Five 1.4
 - MU Plugins: None activated
 - Plugins:
   * Test Reports 1.2.1

 === Steps taken
 1. Ensure you have the **Application password** from "Users > Profile".
 2. In your terminal, run this command:
 {{{
 curl -X POST http://localhost:8889/wp-json/wp/v2/comments/1 \
 -u "admin" \
 -H "Content-Type: application/json" \
 -d '{"post": 9999}'
 }}}
 3. You'll be prompted to enter a password. Enter the password you got from
 **Application Password**.
 4. Perform steps 2 - 3 before and after applying the patch.
 5. ✅ Patch is solving the problem.
 === Expected result
 - A 404 status code response is returned when you try to update with a
 non-existent post ID.

 === Additional Notes
 - Patch fixes the issues, updating keywords (removing "needs-testing").
 Add it back if needed.

 === Screenshots/Screencast with results
 - Before:
 [[Image(https://i.ibb.co/5W6Sygw9/status-code-403.png)]]
 - After:
 [[Image(https://i.ibb.co/fdPmcTnR/status-code-404.png)]]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/65050#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list