[wp-trac] [WordPress Trac] #25805: Permission for wp.getPost in XML-RPC API
WordPress Trac
noreply at wordpress.org
Sat Nov 2 15:45:19 UTC 2013
#25805: Permission for wp.getPost in XML-RPC API
--------------------------+------------------------------
Reporter: Michenux | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 3.7.1
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by SergeyBiryukov):
Originally introduced in [6503] for `wp.getPage`, `blogger.getPost`, and
`metaWeblog.getPost`. [19848] for `wp.getPost`. Modified in [21137] and
[24593].
I guess the reason is that these functions return the post for editing
rather than viewing. Otherwise anyone would be able to see `post_password`
or any other raw field value of any post.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25805#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list