From 58aad3837f1cf8b4a281b44f75ce4d794a31dfa1 Mon Sep 17 00:00:00 2001 From: "K. Adam White" Date: Tue, 19 Mar 2019 03:21:28 +0000 Subject: [PATCH] REST API: Ensure "Allow" header is returned for OPTIONS requests. This changeset ensures `$request->set_url_params()` is called while fulfilling OPTIONS requests, where previously it was skipped because OPTIONS requests short-circuit the logic in `dispatch` which handles this setup for other request methods. Omitting the URL parameters prevented the Allow header from being set. Props killua99, noisysocks. Fixes #45753. git-svn-id: https://develop.svn.wordpress.org/trunk@44933 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/rest-api.php | 17 ++++++++++- .../rest-api/rest-attachments-controller.php | 30 +++++++++++++++++++ .../tests/rest-api/rest-posts-controller.php | 22 ++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php index a2e3363951..1c73b97824 100644 --- a/src/wp-includes/rest-api.php +++ b/src/wp-includes/rest-api.php @@ -615,12 +615,27 @@ function rest_handle_options_request( $response, $handler, $request ) { $data = array(); foreach ( $handler->get_routes() as $route => $endpoints ) { - $match = preg_match( '@^' . $route . '$@i', $request->get_route() ); + $match = preg_match( '@^' . $route . '$@i', $request->get_route(), $matches ); if ( ! $match ) { continue; } + $args = array(); + foreach ( $matches as $param => $value ) { + if ( ! is_int( $param ) ) { + $args[ $param ] = $value; + } + } + + foreach ( $endpoints as $endpoint ) { + // Remove the redundant preg_match argument. + unset( $args[0] ); + + $request->set_url_params( $args ); + $request->set_attributes( $endpoint ); + } + $data = $handler->get_data_for_route( $route, $endpoints, 'help' ); $response->set_matched_route( $route ); break; diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 3ad2b09a72..556cc6c8be 100644 --- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php @@ -208,6 +208,36 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $this->assertEquals( array( 'context', 'id' ), $keys ); } + /** + * @ticket 43701 + */ + public function test_allow_header_sent_on_options_request() { + $id1 = $this->factory->attachment->create_object( + $this->test_file, + 0, + array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + ) + ); + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) ); + $response = rest_get_server()->dispatch( $request ); + $response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request ); + $headers = $response->get_headers(); + + $this->assertNotEmpty( $headers['Allow'] ); + $this->assertEquals( $headers['Allow'], 'GET' ); + + wp_set_current_user( self::$editor_id ); + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) ); + $response = rest_get_server()->dispatch( $request ); + $response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request ); + $headers = $response->get_headers(); + + $this->assertNotEmpty( $headers['Allow'] ); + $this->assertEquals( $headers['Allow'], 'GET, POST, PUT, PATCH, DELETE' ); + } + public function test_get_items() { wp_set_current_user( 0 ); $id1 = $this->factory->attachment->create_object( diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index ee01eb717e..40d609c75d 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -189,6 +189,28 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertEquals( array( 'context', 'id', 'password' ), $keys ); } + /** + * @ticket 43701 + */ + public function test_allow_header_sent_on_options_request() { + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) ); + $response = rest_get_server()->dispatch( $request ); + $response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request ); + $headers = $response->get_headers(); + + $this->assertNotEmpty( $headers['Allow'] ); + $this->assertEquals( $headers['Allow'], 'GET' ); + + wp_set_current_user( self::$editor_id ); + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) ); + $response = rest_get_server()->dispatch( $request ); + $response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request ); + $headers = $response->get_headers(); + + $this->assertNotEmpty( $headers['Allow'] ); + $this->assertEquals( $headers['Allow'], 'GET, POST, PUT, PATCH, DELETE' ); + } + public function test_get_items() { $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); $response = rest_get_server()->dispatch( $request );