[wp-meta] [Making WordPress.org] #3244: Data Protection and Bank Detail issues

Making WordPress.org noreply at wordpress.org
Tue Nov 7 23:01:00 UTC 2017


#3244: Data Protection and Bank Detail issues
----------------------------------------+------------------
 Reporter:  Hugo Finley                 |       Owner:
     Type:  defect                      |      Status:  new
 Priority:  high                        |   Milestone:
Component:  WordCamp Site & Plugins     |  Resolution:
 Keywords:  needs-patch good-first-bug  |
----------------------------------------+------------------

Comment (by iandunn):

 Replying to [comment:14 TJNowell]:
 > re: 2, I'd have hidden the post entirely, as long as those meta values
 never become available via the REST API that should be effective

 Huh, that surprises me. I can't think of any reason why we'd need to hide
 reimbursement requests from other organizers (after PII is scrubbed).

 ''(Actually, I think that all of the budget posts types should be
 completely public (minus PII), for the sake of transparency, but that's a
 whole other discussion.)''

 Am I missing something?

 I think meta fields are only included in REST API endpoints if they're
 explicitly registered and opt-in (i.e., `register_meta( $type, $key,
 array( 'show_in_rest' => true ) )`, so that shouldn't be an issue. If they
 did accidentally make it in, they'd still be encrypted, for the same
 reason as #3253.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3244#comment:15>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list