Fix: post endpoint return 404 on trash not found (#36768)

* Fix: post endpoint to return a 404 if a post has been deleted but we are trying to trash it * changelog
Automattic · Apr 8, 2024 · e3d0065 · e3d0065
1 parent d11d5af
commit e3d0065
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/projects/plugins/jetpack/changelog/fix-post-endpoint-return-404-on-trash-not-found b/projects/plugins/jetpack/changelog/fix-post-endpoint-return-404-on-trash-not-found
@@ -0,0 +1,4 @@
+Significance: patch
+Type: other
+
+Post endpoint: return a 404 if a post is being trashed but does not exist
diff --git a/projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-v1-1-endpoint.php b/projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-v1-1-endpoint.php
@@ -332,6 +332,11 @@ public function write_post( $path, $blog_id, $post_id ) {
 				return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
 			}
 
+			$post = get_post( $post_id );
+			if ( ! $post || is_wp_error( $post ) ) {
+				return new WP_Error( 'unknown_post', 'Unknown post', 404 );
+			}
+
 			if ( isset( $input['status'] ) && 'trash' === $input['status'] && ! current_user_can( 'delete_post', $post_id ) ) {
 				return new WP_Error( 'unauthorized', 'User cannot delete post', 403 );
 			}
@@ -341,12 +346,8 @@ public function write_post( $path, $blog_id, $post_id ) {
 				$input['status'] = 'publish';
 			}
 
-			$post       = get_post( $post_id );
 			$_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
 			$post_type  = get_post_type_object( $_post_type );
-			if ( ! $post || is_wp_error( $post ) ) {
-				return new WP_Error( 'unknown_post', 'Unknown post', 404 );
-			}
 
 			if ( ! current_user_can( 'edit_post', $post->ID ) ) {
 				return new WP_Error( 'unauthorized', 'User cannot edit post', 403 );

diff --git a/projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-v1-2-endpoint.php b/projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-post-v1-2-endpoint.php
@@ -258,6 +258,11 @@ public function write_post( $path, $blog_id, $post_id ) {
 				return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
 			}
 
+			$post = get_post( $post_id );
+			if ( ! $post || is_wp_error( $post ) ) {
+				return new WP_Error( 'unknown_post', 'Unknown post', 404 );
+			}
+
 			if ( isset( $input['status'] ) && 'trash' === $input['status'] && ! current_user_can( 'delete_post', $post_id ) ) {
 				return new WP_Error( 'unauthorized', 'User cannot delete post', 403 );
 			}
@@ -267,11 +272,6 @@ public function write_post( $path, $blog_id, $post_id ) {
 				$input['status'] = 'publish';
 			}
 
-			$post = get_post( $post_id );
-			if ( ! $post || is_wp_error( $post ) ) {
-				return new WP_Error( 'unknown_post', 'Unknown post', 404 );
-			}
-
 			$_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
 			$post_type  = get_post_type_object( $_post_type );