[wp-meta] [Making WordPress.org] #4047: WordCamp.org: meetups exposed in REST API
Making WordPress.org
noreply at wordpress.org
Sat Jan 5 15:54:43 UTC 2019
#4047: WordCamp.org: meetups exposed in REST API
-------------------------------------+-------------------------
Reporter: sippis | Owner: sippis
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: WordCamp Site & Plugins | Keywords: needs-patch
-------------------------------------+-------------------------
All the meetups regardless of their status, are exposed to the public in
the REST API if you happen to know or guess the post ID.
Endpoint does not reveal any sensitive information and almost all the same
details are exposed to the public in the meetup application status report
page (https://central.wordcamp.org/reports/meetup-applications/). But I
guess we really shouldn't expose meetups in REST API because of the status
report page limits the visibility in some way (eg for the time period) and
meetup REST API base (https://central.wordcamp.org/wp-json/wp/v2/meetups)
returns an empty array?
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4047>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list