diff --git a/projects/plugins/jetpack/class.json-api-endpoints.php b/projects/plugins/jetpack/class.json-api-endpoints.php
index 9414c208c8610..73de4e2609bd0 100644
--- a/projects/plugins/jetpack/class.json-api-endpoints.php
+++ b/projects/plugins/jetpack/class.json-api-endpoints.php
@@ -2645,10 +2645,9 @@ public function get_amp_cache_origins( $siteurl ) {
 * @throws Exception The exception if something goes wrong.
 */
 public function create_rest_route_for_endpoint() {
- $version_prefix = $this->max_version ? 'v' . $this->max_version : '';
 register_rest_route(
 static::REST_NAMESPACE,
- $version_prefix . $this->rest_route,
+ $this->build_rest_route(),
 array(
 'methods' => $this->method,
 'callback' => array( $this, 'rest_callback' ),
@@ -2689,12 +2688,17 @@ final public function rest_permission_callback() {
 }
 $user_id = Rest_Authentication::init()->wp_rest_authenticate( false );
- if ( $user_id ) {
- wp_set_current_user( $user_id );
- }
- if ( ( $this->allow_fallback_to_jetpack_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || Rest_Authentication::is_signed_with_user_token() ) {
- return $this->rest_permission_callback_custom();
+ $allow_blog_token = $this->allow_fallback_to_jetpack_blog_token || $this->allow_jetpack_site_auth;
+
+ if ( ( $allow_blog_token && Rest_Authentication::is_signed_with_blog_token() ) || ( $user_id && Rest_Authentication::is_signed_with_user_token() ) ) {
+ $success = $this->rest_permission_callback_custom();
+
+ if ( $success && $user_id ) {
+ wp_set_current_user( $user_id );
+ }
+
+ return $success;
 }
 $message = esc_html__(
@@ -2713,6 +2717,11 @@ public function rest_permission_callback_custom() {
 return true;
 }
+ public function build_rest_route() {
+ $version_prefix = $this->max_version ? 'v' . $this->max_version : '';
+ return $version_prefix . $this->rest_route;
+ }
+
 /**
 * Return endpoint response
 *
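Review bot: In the second hunk (`rest_permission_callback()`), `rest_permission_callback_custom()` now runs before `wp_set_current_user( $user_id )`, so an override that checks capabilities with `current_user_can()` is evaluated against whichever user was current before this callback, not the user the token resolved to. The overrides are not visible in this diff, so this may be intended, but the contract should be written where subclass authors will read it, for example in the docblock of `rest_permission_callback_custom()`: `Runs before the authenticated user is set as current; do not rely on current_user_can() here.` The same hunk also admits `allow_jetpack_site_auth` endpoints on a blog-token signature with no user, and the default custom callback shown in the next hunk returns `true`, so such an endpoint is authorized on the signature alone unless it overrides that callback. The body of `rest_permission_callback()` starts and ends outside the hunk.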
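Review bot: The new `build_rest_route()` method in the third hunk is added without a docblock, while the other methods visible in this diff carry one. A short docblock would state that it returns the REST route string, prefixed with `v` and `max_version` when `max_version` is set, and declare `@return string`. If nothing outside the class hierarchy calls it, `protected` would keep the endpoint's public surface as it was; the callers are not visible here beyond `create_rest_route_for_endpoint()`.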