Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 3 months ago

#5535 closed defect (bug) (fixed)

Limit post_password exposure in XML-RPC metaWeblog.getRecentPosts

Reported by: josephscott's profile josephscott Owned by:
Milestone: 2.3.2 Priority: normal
Severity: normal Version: 2.3.2
Component: XML-RPC Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

Add checks to metaWeblog.getRecentPosts so that only users who can edit a post will be provided a post_password, if one is set.

Attachments (1)

xmlrpc.php.diff (589 bytes) - added by josephscott 16 years ago.

Download all attachments as: .zip

Change History (7)

#1 @ryan
16 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6496]) Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.4

#2 @ryan
16 years ago

(In [6497]) Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.3

#3 @ryan
16 years ago

  • Milestone changed from 2.4 to 2.3.2

This ticket was mentioned in PR #5538 on WordPress/wordpress-develop by @dmsnell.


4 months ago
#4

  • Keywords has-unit-tests added

Follows #5535

There are a handful of elements the behave similarly and are generically
container elements. These are the following elements:

ADDRESS, ARTICLE, ASIDE, BLOCKQUOTE, CENTER, DETAILS, DIALOG, DIR,
DL, DIV, FIELDSET, FIGCAPTION, FIGURE, FOOTER, HEADER, HGROUP, MAIN,
MENU, NAV, SEARCH, SECTION, SUMMARY,

This patch adds support to the HTML Processor for handling these elements.
They do not require any additional logic in the rest of the class, and carry
no specific semantic rules for parsing beyond what is listed in their group
in the IN BODY section of the HTML5 specification

@Bernhard Reiter commented on PR #5538:


3 months ago
#5

BTW really appreciate the test coverage -- they're easy to read and follow, and provide a lot of confidence in the code changes! 🙌

Note: See TracTickets for help on using tickets.