[wp-meta] [Making WordPress.org] #3244: Data Protection and Bank Detail issues
Making WordPress.org
noreply at wordpress.org
Tue Nov 7 23:01:00 UTC 2017
#3244: Data Protection and Bank Detail issues
----------------------------------------+------------------
Reporter: Hugo Finley | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: WordCamp Site & Plugins | Resolution:
Keywords: needs-patch good-first-bug |
----------------------------------------+------------------
Comment (by iandunn):
Replying to [comment:14 TJNowell]:
> re: 2, I'd have hidden the post entirely, as long as those meta values
never become available via the REST API that should be effective
Huh, that surprises me. I can't think of any reason why we'd need to hide
reimbursement requests from other organizers (after PII is scrubbed).
''(Actually, I think that all of the budget posts types should be
completely public (minus PII), for the sake of transparency, but that's a
whole other discussion.)''
Am I missing something?
I think meta fields are only included in REST API endpoints if they're
explicitly registered and opt-in (i.e., `register_meta( $type, $key,
array( 'show_in_rest' => true ) )`, so that shouldn't be an issue. If they
did accidentally make it in, they'd still be encrypted, for the same
reason as #3253.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3244#comment:15>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list