Skip to content

Commit d734ac4

Browse files
peterwilsonccpeterwilsoncc
committed
Didn’t mean to remove this.
1 parent f26746a commit d734ac4

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -198,6 +198,20 @@ public function get_items_permissions_check( $request ) {
198198
}
199199

200200
if ( ! current_user_can( 'edit_posts' ) ) {
201+
foreach ( $protected_params as $param ) {
202+
if ( 'status' === $param ) {
203+
if ( 'approve' !== $request[ $param ] ) {
204+
$forbidden_params[] = $param;
205+
}
206+
} elseif ( 'type' === $param ) {
207+
if ( 'comment' !== $request[ $param ] ) {
208+
$forbidden_params[] = $param;
209+
}
210+
} elseif ( ! empty( $request[ $param ] ) ) {
211+
$forbidden_params[] = $param;
212+
}
213+
}
214+
201215
if ( ! empty( $forbidden_params ) ) {
202216
return new WP_Error(
203217
'rest_forbidden_param',

0 commit comments

Comments
 (0)