[wp-trac] [WordPress Trac] #38820: REST API: Clients should not be allowed to set arbitrary comment_type's
WordPress Trac
noreply at wordpress.org
Fri Nov 18 18:36:12 UTC 2016
#38820: REST API: Clients should not be allowed to set arbitrary comment_type's
--------------------------------------+--------------------------
Reporter: dd32 | Owner: rachelbaker
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses: rest-api
--------------------------------------+--------------------------
Changes (by rachelbaker):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"39290"]:
{{{
#!CommitTicketReference repository="" revision="39290"
REST API: On comment create, return an error if the `type` property is set
to anything other than `comment`.
Of the default comment_types, only comments are expected to be created via
the REST API endpoint. Comments do not have registered types the way that
Posts do, so we do not have a method to accurately check permissions for
arbitrary comment types.
Props dd32, boonebgorges, rachelbaker.
Fixes #38820.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38820#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list