[wp-trac] [WordPress Trac] #38926: REST API: Validate thumbnail ID in response

WordPress Trac noreply at wordpress.org
Thu Dec 1 04:01:05 UTC 2016

#38926: REST API: Validate thumbnail ID in response
 Reporter:  iseulde       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  REST API      |     Version:  trunk
 Severity:  minor         |  Resolution:
 Keywords:  close         |     Focuses:
Changes (by rachelbaker):

 * keywords:   => close


 Thank you @helen for moving this out of the 4.7 milestone.

 Do we want to fix this at all?? This sounds like an example of "garbage
 in, garbage out" to me - and where my views differ from @joehoyle.

 Our current behavior when it comes to related object ids is return what is
 in the database on GET requests, and validate on create/update.
 Adding validation logic for GET requests could have a performance impact
 (especially on collection requests on large sites) because we would have
 to add additional queries to look up these objects.  This wouldn't only
 impact looking up attachment posts either, we would have to apply the same
 validation to the author and parent ids of posts, the post id of comments,
 the term ids of posts, the list goes on.

 I don't think the added cost is worth the perceived benefits, but willing
 to let my opinion be overruled.

Ticket URL: <https://core.trac.wordpress.org/ticket/38926#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list