diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php index db1be197e5ab4..449ecac47fbd4 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php @@ -287,6 +287,15 @@ public function get_item( $request ) { return $revision; } + if ( (int) $parent->ID !== (int) $revision->post_parent ) { + return new WP_Error( + 'rest_revision_parent_id_mismatch', + /* translators: %d: A post id. */ + sprintf( __( 'The revision does not belong to the specified parent with id of "%d"' ), $parent->ID ), + array( 'status' => 404 ) + ); + } + $response = $this->prepare_item_for_response( $revision, $request ); return rest_ensure_response( $response ); } diff --git a/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php b/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php index 3773b5fd1f9e4..1c3dd2dd6b7ee 100644 --- a/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php +++ b/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php @@ -31,6 +31,11 @@ class WP_REST_Global_Styles_Revisions_Controller_Test extends WP_Test_REST_Contr */ protected static $global_styles_id; + /** + * @var int + */ + protected static $global_styles_id_2; + /** * @var int */ @@ -103,6 +108,20 @@ public static function wpSetupBeforeClass( $factory ) { ) ); + // This creates another global styles post for the current theme. + self::$global_styles_id_2 = $factory->post->create( + array( + 'post_content' => '{"version": ' . WP_Theme_JSON::LATEST_SCHEMA . ', "isGlobalStylesUserThemeJSON": true }', + 'post_status' => 'publish', + 'post_title' => __( 'Custom Styles' ), + 'post_type' => 'wp_global_styles', + 'post_name' => 'wp-global-styles-tt1-blocks-revisions-2', + 'tax_input' => array( + 'wp_theme' => 'tt1-blocks', + ), + ) + ); + // Update post to create a new revisions. $new_styles_post = array( 'ID' => self::$global_styles_id, @@ -256,6 +275,36 @@ public function test_get_items_missing_parent() { $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 ); } + /** + * @ticket 59810 + * + * @covers WP_REST_Global_Styles_Controller::get_items + */ + public function test_get_item_valid_parent_id() { + wp_set_current_user( self::$admin_id ); + $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions/' . $this->revision_1_id ); + $response = rest_get_server()->dispatch( $request ); + $data = $response->get_data(); + + $this->assertSame( self::$global_styles_id, $data['parent'], "The returned revision's id should match the parent id." ); + $this->check_get_revision_response( $data, $this->revision_1 ); + } + + /** + * @ticket 59810 + * + * @covers WP_REST_Global_Styles_Controller::get_items + */ + public function test_get_item_invalid_parent_id() { + wp_set_current_user( self::$admin_id ); + $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id_2 . '/revisions/' . $this->revision_1_id ); + $response = rest_get_server()->dispatch( $request ); + $this->assertErrorResponse( 'rest_revision_parent_id_mismatch', $response, 404 ); + + $expected_message = 'The revision does not belong to the specified parent with id of "' . self::$global_styles_id_2 . '"'; + $this->assertSame( $expected_message, $response->as_error()->get_error_messages()[0], 'The message must contain the correct parent ID.' ); + } + /** * Utility function to check the items in WP_REST_Global_Styles_Controller::get_items * against the expected values.