[wp-trac] [WordPress Trac] #18028: wp.getAuthors user_email not returned for admin role
WordPress Trac
wp-trac at lists.automattic.com
Thu Jul 7 18:09:34 UTC 2011
#18028: wp.getAuthors user_email not returned for admin role
--------------------------+-----------------------------
Reporter: jabowery | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
The fix to the security hole with wp.getAuthors returning fields like
user_email to unauthorized users was incorrect. The restriction on values
returned from wp.getAuthors (and indeed any XMLRPC call) should be based
on role rather than merely lopping them off for all roles.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18028>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list