diff -r 7b1b88e27a20 -r 48c4eec2b7e6 wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php --- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php Thu Sep 29 08:06:27 2022 +0200 +++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php Fri Sep 05 18:40:08 2025 +0200 @@ -25,6 +25,14 @@ protected $meta; /** + * Whether the controller supports batching. + * + * @since 6.6.0 + * @var array + */ + protected $allow_batch = array( 'v1' => true ); + + /** * Constructor. * * @since 4.7.0 @@ -61,7 +69,8 @@ 'permission_callback' => array( $this, 'create_item_permissions_check' ), 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), ), - 'schema' => array( $this, 'get_public_item_schema' ), + 'allow_batch' => $this->allow_batch, + 'schema' => array( $this, 'get_public_item_schema' ), ) ); @@ -69,7 +78,7 @@ $this->namespace, '/' . $this->rest_base . '/(?P[\d]+)', array( - 'args' => array( + 'args' => array( 'id' => array( 'description' => __( 'Unique identifier for the user.' ), 'type' => 'integer', @@ -107,7 +116,8 @@ ), ), ), - 'schema' => array( $this, 'get_public_item_schema' ), + 'allow_batch' => $this->allow_batch, + 'schema' => array( $this, 'get_public_item_schema' ), ) ); @@ -318,6 +328,9 @@ } if ( ! empty( $prepared_args['search'] ) ) { + if ( ! current_user_can( 'list_users' ) ) { + $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' ); + } $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; } /** @@ -345,7 +358,7 @@ // Store pagination values for headers then unset for count query. $per_page = (int) $prepared_args['number']; - $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); + $page = (int) ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); $prepared_args['fields'] = 'ID'; 
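Review bot: The docblock added for `$allow_batch` reads "Whether the controller supports batching", but the property holds an array keyed by batch version, not a boolean. The same value is attached at route level in the two later `register_rest_route()` hunks (`'allow_batch' => $this->allow_batch`), so it covers the write methods registered on both the collection and the single-user route. I would reword the summary to something like `Batch API versions this controller opts in to.` and say in the description that user write operations become batchable. Each batched sub-request presumably still runs its own `permission_callback`; a test that batches one permitted and one forbidden user operation would confirm it.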
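Review bot: The `search_columns` restriction added inside the `! empty( $prepared_args['search'] )` branch has no comment saying why callers without `list_users` get a reduced column list. The list leaves out `user_email` and `user_url`, which looks intended to stop a search hit from confirming a value the response would not show. I would put that above the inner `if`, e.g. `// Without 'list_users', never match on user_email or user_url: a hit would confirm a value the caller cannot read.` `user_login` stays searchable, so it is worth confirming that matching on login names is acceptable for these callers. A docblock opens right after this branch; if it belongs to a query filter, a callback could replace `search_columns` again, so a regression test for an unprivileged search on a known address would pin the behaviour.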
@@ -360,9 +373,9 @@ $response->header( 'X-WP-Total', (int) $total_users ); - $max_pages = ceil( $total_users / $per_page ); + $max_pages = (int) ceil( $total_users / $per_page ); - $response->header( 'X-WP-TotalPages', (int) $max_pages ); + $response->header( 'X-WP-TotalPages', $max_pages ); $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); if ( $page > 1 ) { @@ -683,8 +696,10 @@ $request_params = array_keys( $request->get_params() ); sort( $request_params ); - // If only 'id' and 'roles' are specified (we are only trying to - // edit roles), then only the 'promote_user' cap is required. + /* + * If only 'id' and 'roles' are specified (we are only trying to + * edit roles), then only the 'promote_user' cap is required. + */ if ( array( 'id', 'roles' ) === $request_params ) { return true; } @@ -717,16 +732,11 @@ $id = $user->ID; - if ( ! $user ) { - return new WP_Error( - 'rest_user_invalid_id', - __( 'Invalid user ID.' ), - array( 'status' => 404 ) - ); + $owner_id = false; + if ( is_string( $request['email'] ) ) { + $owner_id = email_exists( $request['email'] ); } - $owner_id = email_exists( $request['email'] ); - if ( $owner_id && $owner_id !== $id ) { return new WP_Error( 'rest_user_invalid_email', @@ -987,9 +997,10 @@ */ public function prepare_item_for_response( $item, $request ) { // Restores the more descriptive, specific name for use within this method. - $user = $item; + $user = $item; + + $fields = $this->get_fields_for_response( $request ); $data = array(); - $fields = $this->get_fields_for_response( $request ); if ( in_array( 'id', $fields, true ) ) { $data['id'] = $user->ID; 
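Review bot: In the `@@ -717,16 +732,11 @@` hunk, the new `is_string( $request['email'] )` guard has no comment explaining why `email_exists()` is skipped for other values. A line above it such as `// Only look up the address owner when an email string was actually supplied.` would make the intent clear. The removed `! $user` branch sat after `$id = $user->ID;`, so it could not have caught an invalid user. With it gone, the check that `$user` is valid must live above the hunk; the method starts and ends outside it, so that is worth confirming in the full file.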
@@ -1072,7 +1083,9 @@ // Wrap the data in a response object. $response = rest_ensure_response( $data ); - $response->add_links( $this->prepare_links( $user ) ); + if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) { + $response->add_links( $this->prepare_links( $user ) ); + } /** * Filters user data returned from the REST API. @@ -1116,7 +1129,7 @@ * @return object User object. */ protected function prepare_item_for_database( $request ) { - $prepared_user = new stdClass; + $prepared_user = new stdClass(); $schema = $this->get_item_schema(); @@ -1308,7 +1321,7 @@ ); } - if ( false !== strpos( $password, '\\' ) ) { + if ( str_contains( $password, '\\' ) ) { return new WP_Error( 'rest_user_invalid_password', sprintf(