[wp-meta] [Making WordPress.org] #4047: WordCamp.org: meetups exposed in REST API

Making WordPress.org noreply at wordpress.org
Sat Jan 5 15:54:43 UTC 2019


#4047: WordCamp.org: meetups exposed in REST API
-------------------------------------+-------------------------
 Reporter:  sippis                   |      Owner:  sippis
     Type:  defect                   |     Status:  assigned
 Priority:  normal                   |  Milestone:
Component:  WordCamp Site & Plugins  |   Keywords:  needs-patch
-------------------------------------+-------------------------
 All the meetups regardless of their status, are exposed to the public in
 the REST API if you happen to know or guess the post ID.

 Endpoint does not reveal any sensitive information and almost all the same
 details are exposed to the public in the meetup application status report
 page (https://central.wordcamp.org/reports/meetup-applications/). But I
 guess we really shouldn't expose meetups in REST API because of the status
 report page limits the visibility in some way (eg for the time period) and
 meetup REST API base (https://central.wordcamp.org/wp-json/wp/v2/meetups)
 returns an empty array?

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/4047>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list