REST API: Return a more appropriate HTTP 400 response code when attempting to create or update a non-existent setting.

This switches the response from a 200, which is not appropriate for invalid requests.

Props sheldorofazeroth, johnbillion

Fixes #41604

git-svn-id: https://develop.svn.wordpress.org/trunk@60301 602fd350-edb4-49c9-b593-d223f7449a82

Author: johnbillion

src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php

@@ -147,6 +147,18 @@ public function update_item( $request ) {
 
 		$params = $request->get_params();
 
+		if ( empty( $params ) || ! empty( array_diff_key( $params, $options ) ) ) {
+			$message = empty( $params )
+				? __( 'Request body cannot be empty.' )
+				: __( 'Invalid parameter(s) provided.' );
+
+			return new WP_Error(
+				'rest_invalid_param',
+				$message,
+				array( 'status' => 400 )
+			);
+		}
+
 		foreach ( $options as $name => $args ) {
 			if ( ! array_key_exists( $name, $params ) ) {
 				continue;

tests/phpunit/tests/rest-api/rest-settings-controller.php

@@ -385,14 +385,21 @@ public function test_get_item_with_invalid_object_array_in_options() {
 	}
 
 	/**
-	 * @doesNotPerformAssertions
+	 * Settings can't be created
 	 */
 	public function test_create_item() {
-		// Controller does not implement create_item().
+		wp_set_current_user( self::$administrator );
+
+		$request = new WP_REST_Request( 'POST', '/wp/v2/settings' );
+		$request->set_param( 'new_setting', 'New value' );
+		$response = rest_get_server()->dispatch( $request );
+
+		$this->assertSame( 400, $response->get_status() );
 	}
 
 	public function test_update_item() {
 		wp_set_current_user( self::$administrator );
+
 		$request = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
 		$request->set_param( 'title', 'The new title!' );
 		$response = rest_get_server()->dispatch( $request );
@@ -403,6 +410,27 @@ public function test_update_item() {
 		$this->assertSame( get_option( 'blogname' ), $data['title'] );
 	}
 
+	public function test_update_nonexistent_item() {
+		wp_set_current_user( self::$administrator );
+
+		$request = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
+		$request->set_param( 'i_do_no_exist', 'New value' );
+		$response = rest_get_server()->dispatch( $request );
+
+		$this->assertSame( 400, $response->get_status() );
+	}
+
+	public function test_update_partially_valid_items() {
+		wp_set_current_user( self::$administrator );
+
+		$request = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
+		$request->set_param( 'title', 'The new title!' );
+		$request->set_param( 'i_do_no_exist', 'New value' );
+		$response = rest_get_server()->dispatch( $request );
+
+		$this->assertSame( 400, $response->get_status() );
+	}
+
 	public function update_setting_custom_callback( $result, $name, $value, $args ) {
 		if ( 'title' === $name && 'The new title!' === $value ) {
 			// Do not allow changing the title in this case.