[wp-trac] [WordPress Trac] #18028: wp.getAuthors user_email not returned for admin role
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 15 12:59:13 UTC 2011
#18028: wp.getAuthors user_email not returned for admin role
--------------------------+----------------------
Reporter: jabowery | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: XML-RPC | Version:
Severity: normal | Resolution: wontfix
Keywords: |
--------------------------+----------------------
Changes (by westi):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Replying to [ticket:18028 jabowery]:
> The fix to the security hole with wp.getAuthors returning fields like
> user_email to unauthorized users was incorrect. The restriction on values
> returned from wp.getAuthors (and indeed any XMLRPC call) should be based
> on role rather than merely lopping them off for all roles.
I disagree.
I think it is much better to return a constant list of attributes
regardless of role than vary the response based on role.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18028#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software