#5534 closed defect (bug) (fixed)
Limit XML-RPC method wp.getAuthors to only return user_id, user_login and display_name & add capability check (edit_posts)
Reported by: | josephscott | Owned by: | |
---|---|---|---|
Milestone: | 2.5 | Priority: | normal |
Severity: | normal | Version: | 2.3.2 |
Component: | XML-RPC | Keywords: | has-patch |
Focuses: | | Cc: | |
Description
The wp.getAuthors method just returns all of the data provided by get_users_of_blog(); we should limit it to just specific useful information. In this case, that means information that is needed and helpful for setting the post author: user_id, user_login and display_name.
Also add a capability check: at a minimum, the user should be able to edit posts. If you can't even do that, then there really isn't any reason to expose the list of authors on a blog.
Attachments (1)
Change History (4)
(In [6498]) Limit what getAuthors exposes. Props josephscott for the patch and xknown for the find. fixes #5534 for 2.4
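The two changes the ticket asks for, shown as a stand-alone sketch added here; it is not WordPress code and not the patch attached to the ticket. The sample rows, the extra columns, the capability table, the fault values and all function names are constructed for illustration.

```php
<?php
// Constructed rows standing in for what get_users_of_blog() returns.
// Columns other than user_id, user_login and display_name are assumptions.
$rows = [
    ['user_id' => 1, 'user_login' => 'admin', 'display_name' => 'Site Admin',
     'user_email' => 'admin@example.test', 'meta_value' => 'a:1:{s:13:"administrator";b:1;}'],
    ['user_id' => 2, 'user_login' => 'reader', 'display_name' => 'A Reader',
     'user_email' => 'reader@example.test', 'meta_value' => 'a:1:{s:10:"subscriber";b:1;}'],
];

// Constructed capability table; WordPress derives this from the user's role.
$caps = ['admin' => ['edit_posts'], 'reader' => []];

// Hypothetical stand-in for the capability check.
function user_can(array $caps, string $login, string $cap): bool
{
    return in_array($cap, $caps[$login] ?? [], true);
}

// Before: every authenticated caller receives every column of every row.
function get_authors_before(array $rows): array
{
    return $rows;
}

// After: require edit_posts first, then copy only an allowlist of fields,
// so columns added to the underlying query later are not exposed by default.
function get_authors_after(array $rows, array $caps, string $caller): array
{
    if (!user_can($caps, $caller, 'edit_posts')) {
        // Constructed fault values, shaped like an XML-RPC fault struct.
        return ['faultCode' => 401, 'faultString' => 'edit_posts capability required'];
    }
    $allowed = array_flip(['user_id', 'user_login', 'display_name']);
    return array_map(fn(array $row) => array_intersect_key($row, $allowed), $rows);
}

// Unrestricted response, for comparison with the two restricted calls below.
echo json_encode(get_authors_before($rows)), PHP_EOL;
// Caller without edit_posts.
echo json_encode(get_authors_after($rows, $caps, 'reader')), PHP_EOL;
// Caller with edit_posts.
echo json_encode(get_authors_after($rows, $caps, 'admin')), PHP_EOL;
```

The allowlist is the part that ages well: a denylist that strips known-sensitive columns would start leaking again as soon as the underlying query gained a new one.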