close
WordPress.org
Get WordPress

Make WordPress Core

Changeset 61936


Ignore:
Timestamp:
03/11/2026 01:34:01 PM (2 days ago)
Author:
johnbillion
Message:

Comments: Don't attempt to create a note if the user cannot edit the target post.

Merges [61888] into the 6.9 branch.

Props johnbillion, peterwilsoncc, adamsilverstein.

Location:
branches/6.9
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • branches/6.9

  • branches/6.9/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r61297 r61936  
    559559                );
    560560            }
     561        }
     562
     563        if ( $is_note && ! empty( $request['post'] ) && ! current_user_can( 'edit_post', (int) $request['post'] ) ) {
     564            return new WP_Error(
     565                'rest_cannot_create_note',
     566                __( 'Sorry, you are not allowed to create notes for this post.' ),
     567                array( 'status' => rest_authorization_required_code() )
     568            );
    561569        }
    562570
Note: See TracChangeset for help on using the changeset viewer.