Checks if the user can access password-protected content.
Description
This method determines whether we need to override the regular password check in core with a filter.
Parameters
$post
WP_Postrequired- Post to check against.
$request
WP_REST_Requestrequired- Request data to check.
Source
public function can_access_password_content( $post, $request ) {
if ( empty( $post->post_password ) ) {
// No filter required.
return false;
}
/*
* Users always gets access to password protected content in the edit
* context if they have the `edit_post` meta capability.
*/
if (
'edit' === $request['context'] &&
current_user_can( 'edit_post', $post->ID )
) {
return true;
}
// No password, no auth.
if ( empty( $request['password'] ) ) {
return false;
}
// Double-check the request password.
return hash_equals( $post->post_password, $request['password'] );
}
Changelog
Version | Description |
---|---|
4.7.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.