diff -r 3d4e9c994f10 -r a86126ab1dd4 wp/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php --- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php Tue Oct 22 16:11:46 2019 +0200 +++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php Tue Dec 15 13:49:49 2020 +0100 @@ -40,6 +40,8 @@ * Registers the routes for the objects of the controller. * * @since 4.7.0 + * + * @see register_rest_route() */ public function register_routes() { @@ -99,7 +101,7 @@ 'force' => array( 'type' => 'boolean', 'default' => false, - 'description' => __( 'Whether to bypass trash and force deletion.' ), + 'description' => __( 'Whether to bypass Trash and force deletion.' ), ), 'password' => array( 'description' => __( 'The password for the parent post of the comment (if the post is password protected).' ), @@ -118,7 +120,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access, error object otherwise. + * @return true|WP_Error True if the request has read access, error object otherwise. */ public function get_items_permissions_check( $request ) { 
@@ -127,15 +129,27 @@ $post = get_post( $post_id ); if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_read_post', + __( 'Sorry, you are not allowed to read the post for this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_read', + __( 'Sorry, you are not allowed to read comments without a post.' ), + array( 'status' => rest_authorization_required_code() ) + ); } } } if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_forbidden_context', + __( 'Sorry, you are not allowed to edit comments.' ), + array( 'status' => rest_authorization_required_code() ) + ); } if ( ! current_user_can( 'edit_posts' ) ) { @@ -157,7 +171,12 @@ } if ( ! empty( $forbidden_params ) ) { - return new WP_Error( 'rest_forbidden_param', sprintf( __( 'Query parameter not permitted: %s' ), implode( ', ', $forbidden_params ) ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_forbidden_param', + /* translators: %s: List of forbidden parameters. */ + sprintf( __( 'Query parameter not permitted: %s' ), implode( ', ', $forbidden_params ) ), + array( 'status' => rest_authorization_required_code() ) + ); } } 
@@ -170,7 +189,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function get_items( $request ) { @@ -317,7 +336,12 @@ * @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise. */ protected function get_comment( $id ) { - $error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); + $error = new WP_Error( + 'rest_comment_invalid_id', + __( 'Invalid comment ID.' ), + array( 'status' => 404 ) + ); + if ( (int) $id <= 0 ) { return $error; } @@ -330,8 +354,13 @@ if ( ! empty( $comment->comment_post_ID ) ) { $post = get_post( (int) $comment->comment_post_ID ); + if ( empty( $post ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); + return new WP_Error( + 'rest_post_invalid_id', + __( 'Invalid post ID.' ), + array( 'status' => 404 ) + ); } } @@ -344,7 +373,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access for the item, error object otherwise. + * @return true|WP_Error True if the request has read access for the item, error object otherwise. */ public function get_item_permissions_check( $request ) { $comment = $this->get_comment( $request['id'] ); 
@@ -353,17 +382,29 @@ } if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_forbidden_context', + __( 'Sorry, you are not allowed to edit comments.' ), + array( 'status' => rest_authorization_required_code() ) + ); } $post = get_post( $comment->comment_post_ID ); if ( ! $this->check_read_permission( $comment, $request ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_read', + __( 'Sorry, you are not allowed to read this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } if ( $post && ! $this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_read_post', + __( 'Sorry, you are not allowed to read the post for this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } return true; @@ -375,7 +416,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function get_item( $request ) { $comment = $this->get_comment( $request['id'] ); 
@@ -395,12 +436,16 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to create items, error object otherwise. + * @return true|WP_Error True if the request has access to create items, error object otherwise. */ public function create_item_permissions_check( $request ) { if ( ! is_user_logged_in() ) { if ( get_option( 'comment_registration' ) ) { - return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) ); + return new WP_Error( + 'rest_comment_login_required', + __( 'Sorry, you must be logged in to comment.' ), + array( 'status' => 401 ) + ); } /** @@ -416,8 +461,13 @@ * response. */ $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request ); + if ( ! $allow_anonymous ) { - return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) ); + return new WP_Error( + 'rest_comment_login_required', + __( 'Sorry, you must be logged in to comment.' ), + array( 'status' => 401 ) + ); } } @@ -425,7 +475,7 @@ if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) { return new WP_Error( 'rest_comment_invalid_author', - /* translators: %s: request parameter */ + /* translators: %s: Request parameter. */ sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author' ), array( 'status' => rest_authorization_required_code() ) ); @@ -435,7 +485,7 @@ if ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) { return new WP_Error( 'rest_comment_invalid_author_ip', - /* translators: %s: request parameter */ + /* translators: %s: Request parameter. */ sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author_ip' ), array( 'status' => rest_authorization_required_code() ) ); 
@@ -445,35 +495,60 @@ if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { return new WP_Error( 'rest_comment_invalid_status', - /* translators: %s: request parameter */ + /* translators: %s: Request parameter. */ sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'status' ), array( 'status' => rest_authorization_required_code() ) ); } if ( empty( $request['post'] ) ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_invalid_post_id', + __( 'Sorry, you are not allowed to create this comment without a post.' ), + array( 'status' => 403 ) + ); } $post = get_post( (int) $request['post'] ); + if ( ! $post ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_invalid_post_id', + __( 'Sorry, you are not allowed to create this comment without a post.' ), + array( 'status' => 403 ) + ); } if ( 'draft' === $post->post_status ) { - return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_draft_post', + __( 'Sorry, you are not allowed to create a comment on this post.' ), + array( 'status' => 403 ) + ); } if ( 'trash' === $post->post_status ) { - return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_trash_post', + __( 'Sorry, you are not allowed to create a comment on this post.' ), + array( 'status' => 403 ) + ); } if ( ! 
$this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_read_post', + __( 'Sorry, you are not allowed to read the post for this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } if ( ! comments_open( $post->ID ) ) { - return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed for this item.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_closed', + __( 'Sorry, comments are closed for this item.' ), + array( 'status' => 403 ) + ); } return true; @@ -485,16 +560,24 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function create_item( $request ) { if ( ! empty( $request['id'] ) ) { - return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_comment_exists', + __( 'Cannot create existing comment.' ), + array( 'status' => 400 ) + ); } // Do not allow comments to be created with a non-default type. if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) { - return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_invalid_comment_type', + __( 'Cannot create a comment with that type.' ), + array( 'status' => 400 ) + ); } $prepared_comment = $this->prepare_item_for_database( $request ); 
@@ -502,14 +585,18 @@ return $prepared_comment; } - $prepared_comment['comment_type'] = ''; + $prepared_comment['comment_type'] = 'comment'; /* * Do not allow a comment to be created with missing or empty * comment_content. See wp_handle_comment_submission(). */ if ( empty( $prepared_comment['comment_content'] ) ) { - return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_comment_content_invalid', + __( 'Invalid comment content.' ), + array( 'status' => 400 ) + ); } // Setting remaining values before wp_insert_comment so we can use wp_allow_comment(). @@ -535,7 +622,11 @@ // Honor the discussion setting that requires a name and email address of the comment author. if ( get_option( 'require_name_email' ) ) { if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) { - return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_comment_author_data_required', + __( 'Creating a comment requires valid author name and email values.' ), + array( 'status' => 400 ) + ); } } @@ -552,9 +643,14 @@ } $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment ); + if ( is_wp_error( $check_comment_lengths ) ) { $error_code = $check_comment_lengths->get_error_code(); - return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); + return new WP_Error( + $error_code, + __( 'Comment field exceeds maximum length allowed.' ), + array( 'status' => 400 ) + ); } $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true ); 
@@ -564,11 +660,19 @@ $error_message = $prepared_comment['comment_approved']->get_error_message(); if ( 'comment_duplicate' === $error_code ) { - return new WP_Error( $error_code, $error_message, array( 'status' => 409 ) ); + return new WP_Error( + $error_code, + $error_message, + array( 'status' => 409 ) + ); } if ( 'comment_flood' === $error_code ) { - return new WP_Error( $error_code, $error_message, array( 'status' => 400 ) ); + return new WP_Error( + $error_code, + $error_message, + array( 'status' => 400 ) + ); } return $prepared_comment['comment_approved']; @@ -578,11 +682,11 @@ * Filters a comment before it is inserted via the REST API. * * Allows modification of the comment right before it is inserted via wp_insert_comment(). - * Returning a WP_Error value from the filter will shortcircuit insertion and allow + * Returning a WP_Error value from the filter will short-circuit insertion and allow * skipping further processing. * * @since 4.7.0 - * @since 4.8.0 `$prepared_comment` can now be a WP_Error to shortcircuit insertion. + * @since 4.8.0 `$prepared_comment` can now be a WP_Error to short-circuit insertion. * * @param array|WP_Error $prepared_comment The prepared comment data for wp_insert_comment(). * @param WP_REST_Request $request Request used to insert the comment. @@ -595,7 +699,11 @@ $comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) ); if ( ! $comment_id ) { - return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) ); + return new WP_Error( + 'rest_comment_failed_create', + __( 'Creating comment failed.' ), + array( 'status' => 500 ) + ); } if ( isset( $request['status'] ) ) { 
@@ -662,7 +770,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to update the item, error object otherwise. + * @return true|WP_Error True if the request has access to update the item, error object otherwise. */ public function update_item_permissions_check( $request ) { $comment = $this->get_comment( $request['id'] ); @@ -671,7 +779,11 @@ } if ( ! $this->check_edit_permission( $comment ) ) { - return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_edit', + __( 'Sorry, you are not allowed to edit this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } return true; @@ -683,7 +795,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function update_item( $request ) { $comment = $this->get_comment( $request['id'] ); @@ -694,7 +806,11 @@ $id = $comment->comment_ID; if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { - return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) ); + return new WP_Error( + 'rest_comment_invalid_type', + __( 'Sorry, you are not allowed to change the comment type.' ), + array( 'status' => 404 ) + ); } $prepared_args = $this->prepare_item_for_database( $request ); 
@@ -705,8 +821,13 @@ if ( ! empty( $prepared_args['comment_post_ID'] ) ) { $post = get_post( $prepared_args['comment_post_ID'] ); + if ( empty( $post ) ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) ); + return new WP_Error( + 'rest_comment_invalid_post_id', + __( 'Invalid post ID.' ), + array( 'status' => 403 ) + ); } } @@ -715,7 +836,11 @@ $change = $this->handle_status_param( $request['status'], $id ); if ( ! $change ) { - return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment status failed.' ), array( 'status' => 500 ) ); + return new WP_Error( + 'rest_comment_failed_edit', + __( 'Updating comment status failed.' ), + array( 'status' => 500 ) + ); } } elseif ( ! empty( $prepared_args ) ) { if ( is_wp_error( $prepared_args ) ) { 
@@ -723,21 +848,34 @@ } if ( isset( $prepared_args['comment_content'] ) && empty( $prepared_args['comment_content'] ) ) { - return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_comment_content_invalid', + __( 'Invalid comment content.' ), + array( 'status' => 400 ) + ); } $prepared_args['comment_ID'] = $id; $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args ); + if ( is_wp_error( $check_comment_lengths ) ) { $error_code = $check_comment_lengths->get_error_code(); - return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); + return new WP_Error( + $error_code, + __( 'Comment field exceeds maximum length allowed.' ), + array( 'status' => 400 ) + ); } - $updated = wp_update_comment( wp_slash( (array) $prepared_args ) ); + $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true ); - if ( false === $updated ) { - return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); + if ( is_wp_error( $updated ) ) { + return new WP_Error( + 'rest_comment_failed_edit', + __( 'Updating comment failed.' ), + array( 'status' => 500 ) + ); } if ( isset( $request['status'] ) ) { @@ -782,7 +920,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to delete the item, error object otherwise. + * @return true|WP_Error True if the request has access to delete the item, error object otherwise. */ public function delete_item_permissions_check( $request ) { $comment = $this->get_comment( $request['id'] ); 
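Review bot: The new `is_wp_error( $updated )` branch throws away the WP_Error returned by `wp_update_comment( ..., true )` and reports every failure as the same generic 500, so the underlying cause is lost to anyone reading logs or triaging a failed edit. Keeping the generic message for the client is reasonable, but the original code can be carried in the error data, in the same spirit as the `$check_comment_lengths->get_error_code()` handling just above: `array( 'status' => 500, 'reason' => $updated->get_error_code() )`. Please also confirm that a falsy non-error return (presumably "nothing changed") is meant to count as success now that the `false === $updated` test is gone. update_item starts and ends outside this hunk.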
@@ -791,7 +929,11 @@ } if ( ! $this->check_edit_permission( $comment ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this comment.' ), array( 'status' => rest_authorization_required_code() ) ); + return new WP_Error( + 'rest_cannot_delete', + __( 'Sorry, you are not allowed to delete this comment.' ), + array( 'status' => rest_authorization_required_code() ) + ); } return true; } @@ -802,7 +944,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function delete_item( $request ) { $comment = $this->get_comment( $request['id'] ); @@ -815,7 +957,7 @@ /** * Filters whether a comment can be trashed. * - * Return false to disable trash support for the post. + * Return false to disable Trash support for the post. * * @since 4.7.0 * @@ -839,12 +981,20 @@ } else { // If this type doesn't support trashing, error out. if ( ! $supports_trash ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); + return new WP_Error( + 'rest_trash_not_supported', + /* translators: %s: force=true */ + sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ), + array( 'status' => 501 ) + ); } if ( 'trash' === $comment->comment_approved ) { - return new WP_Error( 'rest_already_trashed', __( 'The comment has already been trashed.' ), array( 'status' => 410 ) ); + return new WP_Error( + 'rest_already_trashed', + __( 'The comment has already been trashed.' ), + array( 'status' => 410 ) + ); } $result = wp_trash_comment( $comment->comment_ID ); 
@@ -853,7 +1003,11 @@ } if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The comment cannot be deleted.' ), array( 'status' => 500 ) ); + return new WP_Error( + 'rest_cannot_delete', + __( 'The comment cannot be deleted.' ), + array( 'status' => 500 ) + ); } /** @@ -949,7 +1103,7 @@ } if ( in_array( 'author_avatar_urls', $fields, true ) ) { - $data['author_avatar_urls'] = rest_get_avatar_urls( $comment->comment_author_email ); + $data['author_avatar_urls'] = rest_get_avatar_urls( $comment ); } if ( in_array( 'meta', $fields, true ) ) { @@ -1150,7 +1304,11 @@ $prepared_comment['comment_author_email'] = $user->user_email; $prepared_comment['comment_author_url'] = $user->user_url; } else { - return new WP_Error( 'rest_comment_author_invalid', __( 'Invalid comment author ID.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_comment_author_invalid', + __( 'Invalid comment author ID.' ), + array( 'status' => 400 ) + ); } } @@ -1215,6 +1373,10 @@ * @return array */ public function get_item_schema() { + if ( $this->schema ) { + return $this->add_additional_fields_schema( $this->schema ); + } + $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'comment', @@ -1238,7 +1400,7 @@ 'context' => array( 'edit' ), 'arg_options' => array( 'sanitize_callback' => array( $this, 'check_comment_author_email' ), - 'validate_callback' => null, // skip built-in validation of 'email'. + 'validate_callback' => null, // Skip built-in validation of 'email'. ), ), 'author_ip' => array( 
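Review bot: The early return on `$this->schema` at the top of get_item_schema() freezes whatever the first call computed, including the avatar sizes from `rest_get_avatar_sizes()` and the meta schema from `$this->meta->get_field_schema()` built further down in the method. The schema also carries the `arg_options` sanitize and validate callbacks, so anything registered after the first call would be absent from it for the lifetime of the instance; whether that can happen depends on call order that is not visible here. A short comment at the guard would record the assumption, e.g. `// Cached per instance; only additional fields are re-applied on later calls.` The matching assignment to `$this->schema` is in a later hunk.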
@@ -1274,8 +1436,8 @@ 'type' => 'object', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() + 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database(). + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database(). ), 'properties' => array( 'raw' => array( @@ -1343,9 +1505,10 @@ $avatar_properties = array(); $avatar_sizes = rest_get_avatar_sizes(); + foreach ( $avatar_sizes as $size ) { $avatar_properties[ $size ] = array( - /* translators: %d: avatar image size in pixels */ + /* translators: %d: Avatar image size in pixels. */ 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 'type' => 'string', 'format' => 'uri', @@ -1364,7 +1527,9 @@ $schema['properties']['meta'] = $this->meta->get_field_schema(); - return $this->add_additional_fields_schema( $schema ); + $this->schema = $schema; + + return $this->add_additional_fields_schema( $this->schema ); } /** @@ -1582,8 +1747,20 @@ * @return bool Whether post can be read. */ protected function check_read_post_permission( $post, $request ) { - $posts_controller = new WP_REST_Posts_Controller( $post->post_type ); - $post_type = get_post_type_object( $post->post_type ); + $post_type = get_post_type_object( $post->post_type ); + + // Return false if custom post type doesn't exist + if ( ! $post_type ) { + return false; + } + + $posts_controller = $post_type->get_rest_controller(); + + // Ensure the posts controller is specifically a WP_REST_Posts_Controller instance + // before using methods specific to that controller. + if ( ! $posts_controller instanceof WP_REST_Posts_Controller ) { + $posts_controller = new WP_REST_Posts_Controller( $post->post_type ); + } $has_password_filter = false; 
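Review bot: When `get_rest_controller()` returns a controller that is not a `WP_REST_Posts_Controller`, the fallback in check_read_post_permission() builds a stock `WP_REST_Posts_Controller`, so any stricter read rule implemented by the registered controller is not consulted when deciding whether comments on that post are readable. That may be the intended trade-off, since only the stock class is known to provide `check_read_permission( $post )`, but the comment should say so, e.g. `// Custom controllers are not consulted; the default post read rules apply to their comments.` The early `return false` for an unregistered post type fails closed, which is the right default; its comment lacks the trailing period this commit adds to comments elsewhere. The function continues past the end of the hunk.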
@@ -1597,7 +1774,7 @@ } if ( post_password_required( $post ) ) { - $result = current_user_can( $post_type->cap->edit_post, $post->ID ); + $result = current_user_can( 'edit_post', $post->ID ); } else { $result = $posts_controller->check_read_permission( $post ); } @@ -1648,7 +1825,7 @@ * * @since 4.7.0 * - * @param object $comment Comment object. + * @param WP_Comment $comment Comment object. * @return bool Whether the comment can be edited or deleted. */ protected function check_edit_permission( $comment ) { @@ -1656,8 +1833,8 @@ return false; } - if ( ! current_user_can( 'moderate_comments' ) ) { - return false; + if ( current_user_can( 'moderate_comments' ) ) { + return true; } return current_user_can( 'edit_comment', $comment->comment_ID ); @@ -1675,7 +1852,7 @@ * @param string $value Author email value submitted. * @param WP_REST_Request $request Full details about the request. * @param string $param The parameter name. - * @return WP_Error|string The sanitized email address, if valid, + * @return string|WP_Error The sanitized email address, if valid, * otherwise an error. */ public function check_comment_author_email( $value, $request, $param ) {
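Review bot: In check_edit_permission() the `moderate_comments` test changes from a required condition to a sufficient one: the old code needed both `moderate_comments` and `edit_comment`, while the new code returns true on `moderate_comments` alone and otherwise falls through to `current_user_can( 'edit_comment', $comment->comment_ID )`. This widens who passes update_item_permissions_check and delete_item_permissions_check in both directions (moderators without `edit_comment` on this comment, and non-moderators who hold it), yet the docblock still reads only "Whether the comment can be edited or deleted." I would state the rule there, e.g. `Moderators may edit any comment; other users need the 'edit_comment' capability for this comment.`, and add permission tests for both roles on update and delete. The guard that precedes the leading `return false;` is outside this hunk.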