Support » Plugin: Perfect Brands for WooCommerce » missing the required permission_callback argument

  • Resolved Johnny52

    (@johnny52)


    Hello,

    Great plugin….
    I have the latest WP/WOO/PLUGIN….
    Now getting this error:

    Notice: register_rest_route was called incorrectly. The REST API route definition for wc/v3/brands is missing the required permission_callback argument. For REST API routes that are intended to be public, use __return_true as the permission callback. Please see Debugging in WordPress for more information. (This message was added in version 5.5.0.) in /home/xxxxxxxxxx/wp-includes/functions.php on line 5225

Viewing 7 replies - 1 through 7 (of 7 total)
  • Even I was also getting the same error.

    Notice: register_rest_route was called incorrectly. The REST API route definition for wc/v1/brands is missing the required permission_callback argument. For REST API routes that are intended to be public, use __return_true as the permission callback. Please see Debugging in WordPress for more information. (This message was added in version 5.5.0.) in /home/xxxx/public_html/wp-includes/functions.php on line 5225

    This is due to the recent change in WordPress Core: https://make.wordpress.org/core/2020/07/22/rest-api-changes-in-wordpress-5-5/ . To fix the error, either you’ve to downgrade the core version or edit the plugin file
    /wp-content/plugins/perfect-woocommerce-brands/classes/class-pwb-api-support.php to add 'permission_callback' => '__return_true' until plugin developer released the patch. Entire register_rest_route code block should look like below:

                register_rest_route($namespace, '/'.$this->base, array(
                  array(
                    'methods'  => WP_REST_Server::READABLE,
                    'callback' => function () {
                        return rest_ensure_response(
                            Perfect_Woocommerce_Brands::get_brands()
                        );
                    },
                    'permission_callback' => '__return_true'
                  ),
                  array(
                    'methods'  => WP_REST_Server::CREATABLE,
                    'callback'  => array( $this, 'create_brand' ),
                    'permission_callback' => '__return_true'
                  ),
                  array(
                    'methods'   => WP_REST_Server::DELETABLE,
                    'callback'  => array( $this, 'delete_brand' ),
                    'permission_callback' => '__return_true'
                  )
                ));
    
    Thread Starter Johnny52

    (@johnny52)

    Great thank you …That did the trick 🙂

    When is the author going to fix this?

    Oea

    (@oeadevelopers)

    Me too got similar message today.

    \\
    Notice: register_rest_route was called incorrectly. The REST API route definition for wc/v1/brands is missing the required permission_callback argument. For REST API routes that are intended to be public, use __return_true as the permission callback. Please see Debugging in WordPress for more information. (This message was added in version 5.5.0.) in /home/thebig/public_html/demo/powertools/wp-includes/functions.php on line 5225
    \\

    Until plugin developer releases the patch I am gonna use above code as a work-around. Thanks ravimallya!

    • This reply was modified 1 year, 2 months ago by Oea. Reason: Personalized the thank note

    @ravimallya Thanks!

    @ravimallya It worked thanks.

    This stops the notices from filling up your log file but hides a security threat. Anyone can create and delete brands within your database without API keys or being logged into the site. It may be possible to leverage this for stored XSS attacks or other injection attacks.

    I’m opening a PR with the developer since no one has yet.

    For the READABLE endpoint you can use the suggested permission_callback but for the CREATABLE and DELETABLE I would use something like the following instead:

    'permission_callback' => function() {
        return current_user_can( 'manage_options' );
    },
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘missing the required permission_callback argument’ is closed to new replies.