Conversation
elopes-sv
changed the title
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2211e47849
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| protected function get_valid_post( $post_id ) { | ||
| $post = get_post( $post_id ); | ||
|
|
||
| if ( ! $post || 'post' !== $post->post_type ) { |
There was a problem hiding this comment.
get_valid_post only checks that get_post returns a post type, but get_post can return private/draft posts even when the current user is not allowed to read them. In practice, any authenticated user can favorite/unfavorite non-public posts and infer their existence from the response code (404 vs 201/409/200). Add a permission/status check (for example current_user_can( 'read_post', $post_id ) or equivalent visibility logic) before treating the post as valid.
Useful? React with 👍 / 👎.
1 participant
Resumo
Implementa um plugin WordPress orientado a objetos para favoritar e desfavoritar posts de usuários autenticados via WP REST API, com persistência em tabela própria.
O que foi feito
apiki_favoritespostEndpoints
POST /wp-json/apiki/v1/posts/<post_id>/favoriteDELETE /wp-json/apiki/v1/posts/<post_id>/favoriteComo validar
wp_apiki_favoritesou equivalente com o prefixo local.POST /wp-json/apiki/v1/posts/<post_id>/favoriteautenticado e validar201.POSTe validar409.DELETE /wp-json/apiki/v1/posts/<post_id>/favoritee validar200.DELETEe validar404.401.post_idinexistente e validar404.Evidências