[wp-trac] [WordPress Trac] #16986: wp.getOptions do'nt have a capability check
WordPress Trac
wp-trac at lists.automattic.com
Mon Mar 28 20:08:47 UTC 2011
#16986: wp.getOptions do'nt have a capability check
--------------------------+------------------------------
Reporter: nprasath002 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 3.1
Severity: minor | Resolution: invalid
Keywords: has-patch |
--------------------------+------------------------------
Changes (by ericmann):
* status: new => closed
* resolution: => invalid
Comment:
Actually, after putting some thought into this, we shouldn't restrict
options checking with a capability check. That would disallow remote
applications from getting ''any'' options values unless the user had
permission to manage options.
Think about how many times a site calls `get_option()` for unauthenticated
users or for authors without options management privileges.
`wp.getOptions` serves a similar purpose for remote apps; a capability
check here isn't really appropriate.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16986#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list