Update plugin jecpack to 4.0.4

2 files changed, 9 insertions, 0 deletions

diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-endpoint.php
index 556149e2..47ccd17b 100644
--- a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-endpoint.php
+++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-endpoint.php
@@ -22,6 +22,10 @@ class WPCOM_JSON_API_Get_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
 			return $return;
 		}
 
+		if ( ! $this->current_user_can_access_post_type( $return['type'], $args['context'] ) ) {
+			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
+		}
+
 		/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
 		do_action( 'wpcom_json_api_objects', 'posts' );
 
diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-v1-1-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-v1-1-endpoint.php
index e81c8bae..517630a6 100644
--- a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-v1-1-endpoint.php
+++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-v1-1-endpoint.php
@@ -17,10 +17,15 @@ class WPCOM_JSON_API_Get_Post_v1_1_Endpoint extends WPCOM_JSON_API_Post_v1_1_End
 		}
 
 		$return = $this->get_post_by( $get_by, $post_id, $args['context'] );
+
 		if ( !$return || is_wp_error( $return ) ) {
 			return $return;
 		}
 
+		if ( ! $this->current_user_can_access_post_type( $return['type'], $args['context'] ) ) {
+			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
+		}
+
 		/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
 		do_action( 'wpcom_json_api_objects', 'posts' );