[wp-trac] [WordPress Trac] #20154: Add cap check to XML_RPC wp.getPostFormats
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 2 15:01:21 UTC 2012
#20154: Add cap check to XML_RPC wp.getPostFormats
--------------------------+-----------------------------
Reporter: maxcutler | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 3.3.1
Severity: minor | Keywords: has-patch
--------------------------+-----------------------------
The wp_getPostFormats method does not perform any cap checks like other
XML-RPC methods. Even though the information is theoretically harmless,
other methods like wp_getPostStatusList check against `edit_posts` to
guard against info leakage.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20154>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
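
The gap the ticket describes (a method that authenticates the caller but never checks a capability) can be audited for mechanically. The script below is an added example, not code from the ticket, its patch, or WordPress core; the PHP sample is constructed and simplified from the ticket's description, and the function names `method_bodies`, `strip_comments` and `missing_cap_check` are hypothetical.

```python
import re

# Constructed, simplified PHP modelled on the ticket's description; not WordPress core source.
SAMPLE_PHP = r'''
class sample_xmlrpc_server {
    function wp_getPostStatusList( $args ) {
        if ( ! $user = $this->login( $args[1], $args[2] ) )
            return $this->error;
        if ( ! current_user_can( 'edit_posts' ) )
            return new IXR_Error( 403, 'Not allowed.' );
        return get_post_statuses();
    }
    function wp_getPostFormats( $args ) {
        if ( ! $user = $this->login( $args[1], $args[2] ) )
            return $this->error;
        // TODO: no current_user_can( 'edit_posts' ) check here
        return get_post_format_strings();
    }
}
'''

FUNC_RE = re.compile(r'function\s+(\w+)\s*\([^)]*\)\s*\{')

def method_bodies(src):
    """Yield (name, body) per PHP function by brace depth (braces in strings not handled)."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def strip_comments(body):
    # Drop comments so a check that is only mentioned in a comment does not count.
    body = re.sub(r'/\*.*?\*/', '', body, flags=re.S)
    return re.sub(r'(//|#).*', '', body)

def missing_cap_check(src):
    """Names of methods that call $this->login() but never current_user_can()."""
    flagged = []
    for name, body in method_bodies(src):
        code = strip_comments(body)
        if re.search(r'\$this->login\s*\(', code) and not re.search(r'current_user_can\s*\(', code):
            flagged.append(name)
    return flagged

if __name__ == '__main__':
    for name in missing_cap_check(SAMPLE_PHP):
        print(f'{name}: login() without current_user_can()')
```

A hit means only that no capability call appears in the method body; whether the returned data needs one is still a review decision.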