#5535 closed defect (bug) (fixed)
Limit post_password exposure in XML-RPC metaWeblog.getRecentPosts
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 2.3.2 | Priority: | normal |
Severity: | normal | Version: | 2.3.2 |
Component: | XML-RPC | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
Add checks to metaWeblog.getRecentPosts so that only users who can edit a post will be provided a post_password, if one is set.
Attachments (1)
Change History (7)
This ticket was mentioned in PR #5538 on WordPress/wordpress-develop by @dmsnell.
16 months ago
#4
- Keywords has-unit-tests added
Follows #5535
There are a handful of elements the behave similarly and are generically
container elements. These are the following elements:
ADDRESS, ARTICLE, ASIDE, BLOCKQUOTE, CENTER, DETAILS, DIALOG, DIR,
DL, DIV, FIELDSET, FIGCAPTION, FIGURE, FOOTER, HEADER, HGROUP, MAIN,
MENU, NAV, SEARCH, SECTION, SUMMARY,
This patch adds support to the HTML Processor for handling these elements.
They do not require any additional logic in the rest of the class, and carry
no specific semantic rules for parsing beyond what is listed in their group
in the IN BODY section of the HTML5 specification
@Bernhard Reiter commented on PR #5538:
15 months ago
#5
BTW really appreciate the test coverage -- they're easy to read and follow, and provide a lot of confidence in the code changes! 🙌
@Bernhard Reiter commented on PR #5538:
15 months ago
#6
Committed to Core in https://core.trac.wordpress.org/changeset/57115.
(In [6496]) Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.4