Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#20356 closed defect (bug) (fixed)

mw.newPost allows invalid author IDs

Reported by: maxcutler Owned by: westi
Priority: normal Milestone: 3.4
Component: XML-RPC Version:
Severity: normal Keywords: has-patch
Cc:

Description

The metaWeblog.newPost method does not validate that the supplied wp_author_id is valid. This allows for invalid post_author values on posts created or edited by XML-RPC.

Unit test was added by westi in [UT592].

Attachments (1)

20356.patch (543 bytes) - added by maxcutler 14 months ago.

Download all attachments as: .zip

Change History (4)

maxcutler14 months ago

comment:1   maxcutler14 months ago

  • Component changed from General to XML-RPC

comment:2   westi14 months ago

  • Owner set to westi
  • Resolution set to fixed
  • Status changed from new to closed

In [20351]:

XMLRPC: Add a check in mw.newPost to stop the authorID being changed to an invalid value. Fixes #20356 props maxcutler.

comment:3   SergeyBiryukov14 months ago

  • Milestone changed from Awaiting Review to 3.4
Note: See TracTickets for help on using tickets.