--- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php Thu Sep 29 08:06:27 2022 +0200
+++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php Fri Sep 05 18:40:08 2025 +0200
@@ -25,6 +25,14 @@
protected $meta;
/**
+ * Whether the controller supports batching.
+ *
+ * @since 6.6.0
+ * @var array
+ */
+ protected $allow_batch = array( 'v1' => true );
+
+ /**
* Constructor.
*
* @since 4.7.0
@@ -61,7 +69,8 @@
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
),
- 'schema' => array( $this, 'get_public_item_schema' ),
+ 'allow_batch' => $this->allow_batch,
+ 'schema' => array( $this, 'get_public_item_schema' ),
)
);
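Review bot: Opting the users collection route into batching with `'allow_batch' => $this->allow_batch` lets one HTTP request carry several user-creation sub-requests, so rate limiting or audit logging that counts HTTP requests will undercount account changes. The same applies to the `/(?P<id>[\d]+)` route in the later hunk that adds the same key. The `permission_callback` entries shown here presumably still gate each sub-request, but the batch dispatch is outside this diff. It is worth a test asserting that a batch containing one unauthorized user write fails for that item. A short comment above the key, such as `// Batched writes are still checked per sub-request by the route's permission_callback.`, would record the assumption once confirmed.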
@@ -69,7 +78,7 @@
$this->namespace,
'/' . $this->rest_base . '/(?P<id>[\d]+)',
array(
- 'args' => array(
+ 'args' => array(
'id' => array(
'description' => __( 'Unique identifier for the user.' ),
'type' => 'integer',
@@ -107,7 +116,8 @@
),
),
),
- 'schema' => array( $this, 'get_public_item_schema' ),
+ 'allow_batch' => $this->allow_batch,
+ 'schema' => array( $this, 'get_public_item_schema' ),
)
);
@@ -318,6 +328,9 @@
}
if ( ! empty( $prepared_args['search'] ) ) {
+ if ( ! current_user_can( 'list_users' ) ) {
+ $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
+ }
$prepared_args['search'] = '*' . $prepared_args['search'] . '*';
}
/**
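Review bot: The new `search_columns` restriction for callers without `list_users` has no comment explaining that `user_email` and `user_url` are left out on purpose. A later edit could add them back and let low-privilege callers confirm registered addresses through `search`. I would add above the inner `if`: `// Without list_users, never match on user_email or user_url: search hits would disclose those values.` The docblock that opens on the last line of the hunk appears to introduce a query filter; if so, a callback could widen `search_columns` again, so check whether the restriction should be re-applied after filtering. The enclosing method starts and ends outside this hunk.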
@@ -345,7 +358,7 @@
// Store pagination values for headers then unset for count query.
$per_page = (int) $prepared_args['number'];
- $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
+ $page = (int) ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
$prepared_args['fields'] = 'ID';
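Review bot: `$per_page` is the divisor in the `$page` calculation here and again for `$max_pages` in the next hunk, and nothing visible guarantees it is at least 1. On PHP 8 a zero divisor throws `DivisionByZeroError` before the new `(int)` cast is reached. The lower bound on `number` is presumably enforced by the collection parameter schema outside this diff, but the value is read back from `$prepared_args`, which other code may have modified by this point. If the bound cannot be relied on, guard it once with `if ( $per_page < 1 ) { $per_page = 1; }`; otherwise a one-line comment naming where the minimum is enforced is enough.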
@@ -360,9 +373,9 @@
$response->header( 'X-WP-Total', (int) $total_users );
- $max_pages = ceil( $total_users / $per_page );
+ $max_pages = (int) ceil( $total_users / $per_page );
- $response->header( 'X-WP-TotalPages', (int) $max_pages );
+ $response->header( 'X-WP-TotalPages', $max_pages );
$base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
if ( $page > 1 ) {
@@ -683,8 +696,10 @@
$request_params = array_keys( $request->get_params() );
sort( $request_params );
- // If only 'id' and 'roles' are specified (we are only trying to
- // edit roles), then only the 'promote_user' cap is required.
+ /*
+ * If only 'id' and 'roles' are specified (we are only trying to
+ * edit roles), then only the 'promote_user' cap is required.
+ */
if ( array( 'id', 'roles' ) === $request_params ) {
return true;
}
@@ -717,16 +732,11 @@
$id = $user->ID;
- if ( ! $user ) {
- return new WP_Error(
- 'rest_user_invalid_id',
- __( 'Invalid user ID.' ),
- array( 'status' => 404 )
- );
+ $owner_id = false;
+ if ( is_string( $request['email'] ) ) {
+ $owner_id = email_exists( $request['email'] );
}
- $owner_id = email_exists( $request['email'] );
-
if ( $owner_id && $owner_id !== $id ) {
return new WP_Error(
'rest_user_invalid_email',
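Review bot: With the new `is_string()` guard, a request whose `email` is present but not a string leaves `$owner_id` at `false`, so the duplicate-address check below is skipped silently instead of the request being rejected. Whether schema validation already refuses such a value before this method runs is not visible here; the method body starts and ends outside the hunk. If that is not guaranteed, fail closed by testing `if ( isset( $request['email'] ) && ! is_string( $request['email'] ) )` and returning a `WP_Error` with the `rest_user_invalid_email` code already used just below. Otherwise add a comment such as `// email is optional here; a non-string value is rejected by schema validation before this point.`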
@@ -987,9 +997,10 @@
*/
public function prepare_item_for_response( $item, $request ) {
// Restores the more descriptive, specific name for use within this method.
- $user = $item;
+ $user = $item;
+
+ $fields = $this->get_fields_for_response( $request );
$data = array();
- $fields = $this->get_fields_for_response( $request );
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = $user->ID;
@@ -1072,7 +1083,9 @@
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
- $response->add_links( $this->prepare_links( $user ) );
+ if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) {
+ $response->add_links( $this->prepare_links( $user ) );
+ }
/**
* Filters user data returned from the REST API.
@@ -1116,7 +1129,7 @@
* @return object User object.
*/
protected function prepare_item_for_database( $request ) {
- $prepared_user = new stdClass;
+ $prepared_user = new stdClass();
$schema = $this->get_item_schema();
@@ -1308,7 +1321,7 @@
);
}
- if ( false !== strpos( $password, '\\' ) ) {
+ if ( str_contains( $password, '\\' ) ) {
return new WP_Error(
'rest_user_invalid_password',
sprintf(