Context Navigation

← Previous Ticket
Next Ticket →

#20201 new defect (bug)

wp.Options lies about the updatability of options.

Reported by:	westi	Owned by:	westi
Priority:	low	Milestone:	3.6
Component:	XML-RPC	Version:	3.4
Severity:	normal	Keywords:	westi-likes has-patch dev-feedback commit
Cc:

Description

When an XMLRPC client calls this API we give it a readonly status for each of the options returned which lets it know whether or not the options are writable or not.

This status is hardcoded in the code and not capability aware so a user with only subscriber level access is given the impression that they can update options they can't.

Attachments (1)

wp.getOptions.capfix.diff (483 bytes) - added by westi 15 months ago.: The simple fix for this bug.

Download all attachments as: .zip

Change History (10)

comment:1 westi — 15 months ago

A tangentially related issue was raised in #16986.

westi — 15 months ago

Attachment wp.getOptions.capfix.diff added

The simple fix for this bug.

comment:2 westi — 15 months ago

The test cases for this are in [UT567]

comment:3 westi — 12 months ago

Keywords 3.5-early westi-likes added

comment:4 follow-up: ↓ 5 nacin — 12 months ago

I think this makes sense, but it also makes me wonder what the definition of 'readonly' is. There are two ways to look at it: A) the option is generally writable, B) the current user can write to a writable option.

Currently, we're dealing with method A. This patch will change it to method B.

I doubt many applications are using wp.getOptions to determine generally writable fields, but I could understand how the UI could be implemented differently, based on the context. Say, text for a read-only option, versus a disabled field if they don't have the ability to edit that option.

comment:5 in reply to: ↑ 4 westi — 12 months ago

Replying to nacin:

I think this makes sense, but it also makes me wonder what the definition of 'readonly' is. There are two ways to look at it: A) the option is generally writable, B) the current user can write to a writable option.

Currently, we're dealing with method A. This patch will change it to method B.

I doubt many applications are using wp.getOptions to determine generally writable fields, but I could understand how the UI could be implemented differently, based on the context. Say, text for a read-only option, versus a disabled field if they don't have the ability to edit that option.

Agreed, I think method A is wrong here and method B is right.

As an application developer I would want to be able to write an intelligent UI which used the read-only status to determine how my ui presented options to the user.

Switching to B allows us to also change our view on whether or not things are read-only in future more simply too because the API gives a application a true view of the current read/write status of the options.

comment:6 markoheijnen — 5 months ago

Keywords 3.5-early removed
Milestone changed from Future Release to 3.6

I would love to see this in 3.6 because I also agree that method B is right

comment:7 markjaquith — 3 months ago

Keywords has-patch dev-feedback added

Patch still applies, and I think it's the right fix.

comment:8 markoheijnen — 2 weeks ago

Can we commit this?

comment:9 SergeyBiryukov — 2 weeks ago

Keywords commit added

Note: See TracTickets for help on using tickets.

Download in other formats: