[wp-trac] [WordPress Trac] #39701: Do not allow editing users from a different site in REST API
WordPress Trac
noreply at wordpress.org
Sat Jan 28 17:33:03 UTC 2017
#39701: Do not allow editing users from a different site in REST API
--------------------------------------+------------------------
Reporter: flixos90 | Owner: flixos90
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.3
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: multisite
--------------------------------------+------------------------
Comment (by johnjamesjacoby):
Thought did go into it, and this is what the original authors thought was
best, even if we don't agree ourselves. :)
If it's a bug, we should fix the bug, but that doesn't seem to be the
case.
If this is just the way the `v1` API works, we can't change it because
it's a public API. If anything, parity with core functions to restrict it
to super admins seems like the bug fix that's least likely to cause
breakage.
We've been lucky to be able to take some liberty with private multisite
APIs, but public ones are pretty much for life until deprecated. If we're
deprecating this already, I imagine we'll want to run that past the REST
API team to discuss what that looks like in core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39701#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list