[wp-trac] [WordPress Trac] #5534: Limit XML-RPC method wp.getAuthors to only return user_id, user_login and display_name & add capability check (edit_posts)
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 26 18:24:28 GMT 2007
#5534: Limit XML-RPC method wp.getAuthors to only return user_id, user_login and
display_name & add capability check (edit_posts)
-------------------------+--------------------------------------------------
 Reporter:  josephscott  |       Owner:  anonymous
     Type:  defect       |      Status:  new
 Priority:  normal       |   Milestone:  2.5
Component:  XML-RPC      |     Version:  2.4
 Severity:  normal       |    Keywords:  has-patch
-------------------------+--------------------------------------------------
The wp.getAuthors method just returns all of the data provided by
get_users_of_blog(); we should limit it to just specific useful
information. In this case, information that is needed and helpful for
setting the post author: user_id, user_login and display_name.

Also add a capability check: at a minimum, you should be able to edit posts.
If you can't even do that then there really isn't any reason to expose the
list of authors on a blog.
--
Ticket URL: <http://trac.wordpress.org/ticket/5534>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
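
The change this ticket asks for, sketched as a stand-alone PHP example added here (not the ticket's patch and not WordPress code). `caller_can()`, both `get_authors_*` functions, the fault array and the sample rows, including their `user_email` and `meta_value` columns, are assumptions made for illustration.

```php
<?php
// Constructed rows standing in for what get_users_of_blog() hands back;
// user_email and meta_value are assumed extra columns for illustration.
$rows = [
    (object) ['user_id' => 1, 'user_login' => 'admin', 'display_name' => 'Site Admin',
              'user_email' => 'admin@example.org', 'meta_value' => 'a:1:{s:13:"administrator";b:1;}'],
    (object) ['user_id' => 2, 'user_login' => 'jdoe', 'display_name' => 'J. Doe',
              'user_email' => 'jdoe@example.org', 'meta_value' => 'a:1:{s:6:"author";b:1;}'],
];

// Hypothetical stand-in for the capability lookup (WordPress would use current_user_can()).
function caller_can(array $caps, string $cap): bool {
    return in_array($cap, $caps, true);
}

// Before: every column of every row goes back to any authenticated caller.
function get_authors_unfiltered(array $rows): array {
    return $rows;
}

// After: refuse callers who cannot edit posts, then copy only allowlisted fields.
function get_authors_limited(array $rows, array $caller_caps): array {
    if (!caller_can($caller_caps, 'edit_posts')) {
        // Constructed fault shape and code, not taken from the ticket.
        return ['faultCode' => 401, 'faultString' => 'Sorry, you cannot edit posts on this blog.'];
    }
    $allowed = ['user_id', 'user_login', 'display_name'];
    $authors = [];
    foreach ($rows as $row) {
        $entry = [];
        foreach ($allowed as $field) {
            $entry[$field] = $row->$field ?? null;
        }
        $authors[] = $entry;
    }
    return $authors;
}

$subscriber = ['read'];               // constructed capability sets
$author     = ['read', 'edit_posts'];

// Unfiltered call: e-mail addresses and role data are included.
echo json_encode(get_authors_unfiltered($rows)), "\n";
// Caller without edit_posts: a fault instead of the author list.
echo json_encode(get_authors_limited($rows, $subscriber)), "\n";
// Caller with edit_posts: only the three allowlisted fields per author.
echo json_encode(get_authors_limited($rows, $author)), "\n";
```

Building each entry from an allowlist, rather than unsetting known-sensitive columns, means a column added to the underlying query later is not exposed by default.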