From 96f340dbc5f86588856db35e4a70e10bb44221f2 Mon Sep 17 00:00:00 2001 From: Lakshyajeet Singh Goyal Date: Mon, 13 Apr 2026 15:19:23 +0530 Subject: [PATCH 1/3] fix: remove `protected` property from revision rest schema --- .../endpoints/class-wp-rest-revisions-controller.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php index 73a888d6eac48..3d55cecc190f3 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php @@ -820,10 +820,16 @@ public function get_item_schema() { if ( ! empty( $parent_schema['properties']['content'] ) ) { $schema['properties']['content'] = $parent_schema['properties']['content']; + + // Revisions do not support password protection. + unset( $schema['properties']['content']['properties']['protected'] ); } if ( ! empty( $parent_schema['properties']['excerpt'] ) ) { $schema['properties']['excerpt'] = $parent_schema['properties']['excerpt']; + + // Revisions do not support password protection. + unset( $schema['properties']['excerpt']['properties']['protected'] ); } if ( ! empty( $parent_schema['properties']['guid'] ) ) { From 6d8392e0a212f634cf1ea43ce080a433b56bed94 Mon Sep 17 00:00:00 2001 From: Lakshyajeet Singh Goyal Date: Mon, 13 Apr 2026 18:06:35 +0530 Subject: [PATCH 2/3] fix: make checks more defensive --- .../endpoints/class-wp-rest-revisions-controller.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php index 3d55cecc190f3..83e8201ea3c96 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php @@ -822,14 +822,18 @@ public function get_item_schema() { $schema['properties']['content'] = $parent_schema['properties']['content']; // Revisions do not support password protection. - unset( $schema['properties']['content']['properties']['protected'] ); + if ( isset( $schema['properties']['content']['properties']['protected'] ) ) { + unset( $schema['properties']['content']['properties']['protected'] ); + } } if ( ! empty( $parent_schema['properties']['excerpt'] ) ) { $schema['properties']['excerpt'] = $parent_schema['properties']['excerpt']; // Revisions do not support password protection. - unset( $schema['properties']['excerpt']['properties']['protected'] ); + if ( isset( $schema['properties']['excerpt']['properties']['protected'] ) ) { + unset( $schema['properties']['excerpt']['properties']['protected'] ); + } } if ( ! empty( $parent_schema['properties']['guid'] ) ) { From 63001b4a2aa9dbedee296d039089731cda62d811 Mon Sep 17 00:00:00 2001 From: Lakshyajeet Singh Goyal Date: Tue, 14 Apr 2026 14:02:21 +0530 Subject: [PATCH 3/3] test: add tests to verify `protected` property is not included in the revision schema --- .../rest-api/rest-revisions-controller.php | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/tests/phpunit/tests/rest-api/rest-revisions-controller.php b/tests/phpunit/tests/rest-api/rest-revisions-controller.php index 52011afcb9318..c37ece49d75e3 100644 --- a/tests/phpunit/tests/rest-api/rest-revisions-controller.php +++ b/tests/phpunit/tests/rest-api/rest-revisions-controller.php @@ -690,6 +690,86 @@ public function test_get_items_pagination_header_of_the_first_page( $method ) { $this->assertStringContainsString( '<' . $next_link . '>; rel="next"', $headers['Link'] ); } + /** + * Test that the 'protected' property is not included in the revision schema's content. + * + * Verifies the fix for the issue where revision schema incorrectly included + * 'protected' properties that don't actually exist in revision responses. + * + * @ticket 53417 + */ + public function test_revision_schema_content_does_not_have_protected() { + $request = new WP_REST_Request( 'OPTIONS', '/wp/v2/posts/' . self::$post_id . '/revisions' ); + $response = rest_get_server()->dispatch( $request ); + $data = $response->get_data(); + $properties = $data['schema']['properties']; + + $this->assertArrayHasKey( 'content', $properties ); + $this->assertArrayHasKey( 'properties', $properties['content'] ); + $this->assertArrayNotHasKey( + 'protected', + $properties['content']['properties'], + 'The "protected" property should not be present in revision content schema' + ); + + $this->assertArrayHasKey( 'raw', $properties['content']['properties'] ); + $this->assertArrayHasKey( 'rendered', $properties['content']['properties'] ); + $this->assertArrayHasKey( 'block_version', $properties['content']['properties'] ); + } + + /** + * Test that the 'protected' property is not included in the revision schema's excerpt. + * + * Verifies the fix for the issue where revision schema incorrectly included + * 'protected' properties that don't actually exist in revision responses. + * + * @ticket 53417 + */ + public function test_revision_schema_excerpt_does_not_have_protected() { + $request = new WP_REST_Request( 'OPTIONS', '/wp/v2/posts/' . self::$post_id . '/revisions' ); + $response = rest_get_server()->dispatch( $request ); + $data = $response->get_data(); + $properties = $data['schema']['properties']; + + $this->assertArrayHasKey( 'excerpt', $properties ); + $this->assertArrayHasKey( 'properties', $properties['excerpt'] ); + $this->assertArrayNotHasKey( + 'protected', + $properties['excerpt']['properties'], + 'The "protected" property should not be present in revision excerpt schema' + ); + + $this->assertArrayHasKey( 'raw', $properties['excerpt']['properties'] ); + $this->assertArrayHasKey( 'rendered', $properties['excerpt']['properties'] ); + } + + /** + * Test that revision response data does not include the 'protected' property in excerpt. + * + * Verifies that actual revision responses don't include the 'protected' property, + * matching the corrected schema. + * + * @ticket 53417 + */ + public function test_revision_response_excerpt_does_not_include_protected() { + wp_set_current_user( self::$editor_id ); + + $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 ); + $response = rest_get_server()->dispatch( $request ); + $this->assertSame( 200, $response->get_status() ); + + $data = $response->get_data(); + + $this->assertArrayHasKey( 'excerpt', $data ); + $this->assertArrayNotHasKey( + 'protected', + $data['excerpt'], + 'The "protected" property should not be present in revision excerpt response' + ); + + $this->assertArrayHasKey( 'rendered', $data['excerpt'] ); + } + /** * Test the pagination header of the last page. *