From 7dc75c29f638d2c0abba40b5893d1f12b02484f5 Mon Sep 17 00:00:00 2001 From: joehoyle Date: Wed, 23 Nov 2016 23:12:05 +0000 Subject: [PATCH] =?UTF-8?q?REST=20API:=20Allow=20unsetting=20a=20post?= =?UTF-8?q?=E2=80=99s=20password.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Props danielbachhuber, iseulde. Fixes #38919. git-svn-id: https://develop.svn.wordpress.org/trunk@39352 602fd350-edb4-49c9-b593-d223f7449a82 --- .../class-wp-rest-posts-controller.php | 14 ++++++++------ .../tests/rest-api/rest-posts-controller.php | 17 +++++++++++++++++ 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index df8ac1a892..d249ab81f5 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -973,15 +973,17 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { } // Post password. - if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) && '' !== $request['password'] ) { + if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) { $prepared_post->post_password = $request['password']; - if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { - return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) ); - } + if ( '' !== $request['password'] ) { + if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { + return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) ); + } - if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) { - return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) ); + if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) { + return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) ); + } } } diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index 526c3906c1..0e738c394d 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -1949,6 +1949,23 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertEquals( '', $new_data['content']['raw'] ); } + public function test_update_post_with_empty_password() { + wp_set_current_user( self::$editor_id ); + wp_update_post( array( + 'ID' => self::$post_id, + 'post_password' => 'foo', + ) ); + + $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', self::$post_id ) ); + $params = $this->set_post_data( array( + 'password' => '', + ) ); + $request->set_body_params( $params ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + $this->assertEquals( '', $data['password'] ); + } + public function test_update_post_with_password_and_sticky_fails() { wp_set_current_user( self::$editor_id );