Make WordPress Core


Ignore:
Timestamp:
10/12/2023 12:28:57 PM (14 months ago)
Author:
audrasjb
Message:

REST API: Limit search_columns for users without list_users.

Props Vortfu, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

    r56586 r56833  
    319319
    320320        if ( ! empty( $prepared_args['search'] ) ) {
     321            if ( ! current_user_can( 'list_users' ) ) {
     322                $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
     323            }
    321324            $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
    322325        }
Note: See TracChangeset for help on using the changeset viewer.