#25805 closed defect (bug) (wontfix)
Permission for wp.getPost in XML-RPC API
Reported by: | Michenux | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.4 |
Component: | XML-RPC | Keywords: | |
Focuses: | Cc: |
Description
Hi,
In the XML-RPC API, the wp.getPost needs the "edit post" permission. Why ?
I think it's wrong because wp.getPost doesnot edit anything. It's just
for reading posts.
Change History (7)
#2
@
11 years ago
I use xml-rpc from an Android application. I don't want that my android application
uses a wordpress user with read/write access. I need only reading. It would be a
security issue if i had to use a user with write access.
#3
@
11 years ago
I guess for an application that isn't user depended I would use a JSON feed and most just use something like https://github.com/WP-API/WP-API/
At least for iOS I don't want to use an XML-RPC and I'm pretty sure the same counts for Android.
#4
@
11 years ago
I didnot know that you could add a json feed on wordpress.
It's great. JSON is a much better solution for mobile application.
I will try, thanks for your support (fast and great answers).
#5
@
11 years ago
- Version changed from 3.7.1 to 3.4
Version number indicates the earliest applicable version, which is 3.4 here.
#6
@
10 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Closing it due that this has been a behaviour for a long time. When https://github.com/WP-API/WP-API/ gets included, this will be things that will be looked at.
Originally introduced in [6503] for
wp.getPage
,blogger.getPost
, andmetaWeblog.getPost
. [19848] forwp.getPost
. Modified in [21137] and [24593].I guess the reason is that these functions return the post for editing rather than viewing. Otherwise anyone would be able to see
post_password
or any other raw field value of any post.