[wp-trac] [WordPress Trac] #38819: REST API: Limit what users can set `author_ip` in the Comments endpoint
WordPress Trac
noreply at wordpress.org
Fri Nov 18 21:12:05 UTC 2016
#38819: REST API: Limit what users can set `author_ip` in the Comments endpoint
------------------------------+--------------------------
Reporter: dd32 | Owner: rachelbaker
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch commit | Focuses: rest-api
------------------------------+--------------------------
Changes (by rachelbaker):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"39302"]:
{{{
#!CommitTicketReference repository="" revision="39302"
REST API: On Comment create, limit the ability to set the `author_ip`
value directly.
Users without the moderate_comments capability can no longer set the
`author_ip` property directly, and instead receive a `WP_Error` if they
attempt to do so. Otherwise, the `author_ip property` is populated from
`$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally,
fallback to 127.0.0.1 as a last resort.
Props dd32, rachelbaker, joehoyle.
Fixes #38819.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38819#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list