WordPress.org
Get WordPress

Making WordPress.org

Changeset 11297


Ignore:
Timestamp:
10/26/2021 04:05:15 AM (5 years ago)
Author:
dd32
Message:

Plugin Directory: API: Add permission_callback to all the public API endpoints, to avoid _doing_it_wrong().

'register_rest_route was called <strong>incorrectly</strong>. The REST API route definition for <code>plugins/v1/query-plugins/?</code> is missing the required <code>permission_callback</code> argument. For REST API routes that are intended to be public, use <code>return_true</code> as the permission callback.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-locale-banner.php

    r10343 r11297  
    1414    function __construct() {
    1515        register_rest_route( 'plugins/v1', '/locale-banner', array(
    16             'methods'  => WP_REST_Server::ALLMETHODS,
    17             'callback' => array( $this, 'locale_banner' ),
    18             'args'     => array(
     16            'methods'             => WP_REST_Server::ALLMETHODS,
     17            'callback'            => array( $this, 'locale_banner' ),
     18            'args'                => array(
    1919                'plugin_slug' => array(
    2020                    'validate_callback' => array( $this, 'validate_plugin_slug_callback' ),
    2121                ),
    2222            ),
     23            'permission_callback' => '__return_true',
    2324        ) );
    2425    }

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-release-confirmation.php

    r10221 r11297  
    6161            'args'                => [
    6262            ],
    63             'permission_callback' => function( $request ) {
    64                 return is_user_logged_in();
    65             },
     63            'permission_callback' => 'is_user_logged_in',
    6664        ] );
    6765

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-popular-tags.php

    r6287 r11297  
    1414    function __construct() {
    1515        register_rest_route( 'plugins/v1', '/popular-tags/?', array(
    16             'methods'  => WP_REST_Server::READABLE,
    17             'callback' => array( $this, 'popular_tags' ),
     16            'methods'             => WP_REST_Server::READABLE,
     17            'callback'            => array( $this, 'popular_tags' ),
     18            'permission_callback' => '__return_true',
    1819        ) );
    1920    }

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-query-plugins.php

    r11295 r11297  
    2828    function __construct() {
    2929        register_rest_route( 'plugins/v1', '/query-plugins/?', array(
    30             'methods'  => WP_REST_Server::READABLE,
    31             'callback' => array( $this, 'query' ),
     30            'methods'             => WP_REST_Server::READABLE,
     31            'callback'            => array( $this, 'query' ),
     32            'permission_callback' => '__return_true',
    3233        ) );
    3334    }
Note: See TracChangeset for help on using the changeset viewer.