#20154 closed defect (bug) (fixed)

Add cap check to XML_RPC wp.getPostFormats

Reported by: maxcutler
Owned by: ryan
Priority: normal
Milestone: 3.4
Component: XML-RPC
Version: 3.3.1
Severity: minor
Keywords: has-patch
Cc:

Description

The wp_getPostFormats method does not perform any cap checks like other XML-RPC methods. Even though the information is theoretically harmless, other methods like wp_getPostStatusList check against edit_posts to guard against info leakage.

Attachments (1)

wp_getPostFormats_cap_check.patch (580 bytes) - added by maxcutler 15 months ago.

Change History (3)

  • Milestone changed from Awaiting Review to 3.4
  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [20566]:

Require the edit_posts capability for wp_getPostFormats.

Props maxcutler.
Fixes #20154
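
The gap this ticket describes, an XML-RPC method that authenticates the caller but never checks a capability, can be searched for across a whole server class. The Python script below is an added example, not part of the ticket or of WordPress: the PHP sample is constructed for illustration, and the helper names (`method_bodies`, `audit`, `missing_cap_checks`) are hypothetical.

```python
import re

# Constructed PHP sample shaped like an XML-RPC server class; not WordPress source.
SAMPLE_PHP = r'''
class demo_xmlrpc_server {
    function wp_getPostStatusList( $args ) {
        if ( ! $user = $this->login( $args[1], $args[2] ) )
            return $this->error;
        if ( ! current_user_can( 'edit_posts' ) )
            return new IXR_Error( 403, 'Not allowed.' );
        return get_post_statuses();
    }

    function wp_getPostFormats( $args ) {
        if ( ! $user = $this->login( $args[1], $args[2] ) )
            return $this->error;
        return get_post_format_strings();
    }
}
'''

FUNC_RE = re.compile(r'function\s+(\w+)\s*\([^)]*\)\s*\{')
CAP_RE = re.compile(r'current_user_can\s*\(\s*[\'"]([\w-]+)[\'"]')

def method_bodies(source):
    """Yield (name, body) per function, matching braces to find the end.
    Assumption: no unbalanced braces inside PHP strings or comments."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {'{': 1, '}': -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def audit(source):
    """Map each method that calls login() to the capabilities it checks."""
    report = {}
    for name, body in method_bodies(source):
        if '->login(' in body:
            report[name] = CAP_RE.findall(body)
    return report

def missing_cap_checks(source):
    """Methods that authenticate the caller but check no capability at all."""
    return [name for name, caps in audit(source).items() if not caps]

if __name__ == '__main__':
    print(missing_cap_checks(SAMPLE_PHP))
```

A flagged method is a candidate for review, not a confirmed leak: a capability check may live in a helper the method calls.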
