[wp-trac] [WordPress Trac] #38926: REST API: Validate thumbnail ID in response
WordPress Trac
noreply at wordpress.org
Thu Dec 1 04:01:05 UTC 2016
#38926: REST API: Validate thumbnail ID in response
--------------------------+-----------------------------
Reporter: iseulde | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: REST API | Version: trunk
Severity: minor | Resolution:
Keywords: close | Focuses:
--------------------------+-----------------------------
Changes (by rachelbaker):
* keywords: => close
Comment:
Thank you @helen for moving this out of the 4.7 milestone.
Do we want to fix this at all?? This sounds like an example of "garbage
in, garbage out" to me - and where my views differ from @joehoyle.
Our current behavior when it comes to related object ids is return what is
in the database on GET requests, and validate on create/update.
Adding validation logic for GET requests could have a performance impact
(especially on collection requests on large sites) because we would have
to add additional queries to look up these objects. This wouldn't only
impact looking up attachment posts either, we would have to apply the same
validation to the author and parent ids of posts, the post id of comments,
the term ids of posts, the list goes on.
I don't think the added cost is worth the perceived benefits, but willing
to let my opinion be overruled.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38926#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list