id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 5534 Limit XML-RPC method wp.getAuthors to only return user_id, user_login and display_name & add capability check (edit_posts) josephscott "The wp.getAuthors method just returns all of the data provided by get_users_of_blog(), we should limit it to just specific useful information. In this case information that is needed and helpful for setting the post author: user_id, user_login and display_name. Also add a capability check, at a minimum should be able to edit posts. If you can't even do that then there really isn't any reason to expose the list of authors on a blog." defect (bug) closed normal 2.5 XML-RPC 2.3.2 normal fixed has-patch