Limit XML-RPC method wp.getAuthors to only return user_id, user_login and display_name & add capability check (edit_posts)
Reported by: josephscott | Owned by: anonymous
The wp.getAuthors method just returns all of the data provided by get_users_of_blog(); we should limit it to just specific useful information, in this case the information that is needed and helpful for setting the post author: user_id, user_login and display_name.
Also add a capability check: at a minimum, the user should be able to edit posts. If you can't even do that, then there really isn't any reason to expose the list of authors on a blog.
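The two changes requested in this ticket, sketched as an added example (not the WordPress source and not a patch from this ticket). It runs stand-alone under the PHP CLI; the function name, the fault array, the capability list and the sample rows are assumptions made for illustration, and inside WordPress the gate would be `current_user_can( 'edit_posts' )`.

```php
<?php
// Added example: allow-list the fields wp.getAuthors returns and gate it on edit_posts.
// Stand-alone sketch; nothing here is loaded from WordPress.

// The only fields the ticket wants exposed.
const AUTHOR_FIELDS = ['user_id', 'user_login', 'display_name'];

/**
 * Hypothetical stand-in for the wp.getAuthors handler body.
 *
 * @param array $caller_caps Capabilities of the already-authenticated caller (assumption).
 * @param array $rows        Objects shaped like the rows get_users_of_blog() provides.
 */
function get_authors_limited(array $caller_caps, array $rows): array
{
    // Capability check first: a caller who cannot edit posts gets a fault, not a user list.
    if (!in_array('edit_posts', $caller_caps, true)) {
        // Constructed fault shape and code, standing in for an XML-RPC error response.
        return ['faultCode' => 401, 'faultString' => 'Sorry, you cannot edit posts on this blog.'];
    }

    $authors = [];
    foreach ($rows as $row) {
        // Copy by allow-list, so a column added to the query later is not exposed by default.
        $entry = [];
        foreach (AUTHOR_FIELDS as $field) {
            $entry[$field] = $row->$field ?? null;
        }
        $authors[] = $entry;
    }
    return $authors;
}

// Constructed sample rows; the extra properties stand for data that must not be returned.
$rows = [
    (object) ['user_id' => 1, 'user_login' => 'admin', 'display_name' => 'Site Admin',
              'user_email' => 'admin@example.test', 'meta_value' => 'constructed-role-data'],
    (object) ['user_id' => 7, 'user_login' => 'jdoe', 'display_name' => 'J. Doe',
              'user_email' => 'jdoe@example.test', 'meta_value' => 'constructed-role-data'],
];

// A caller with edit_posts receives only the three allow-listed fields per author.
echo json_encode(get_authors_limited(['read', 'edit_posts'], $rows)), PHP_EOL;

// A caller without edit_posts receives the fault and no author data.
echo json_encode(get_authors_limited(['read'], $rows)), PHP_EOL;
```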