[wp-trac] [WordPress Trac] #38820: REST API: Clients should not be allowed to set arbitrary comment_type's
WordPress Trac
noreply at wordpress.org
Wed Nov 16 13:11:40 UTC 2016
#38820: REST API: Clients should not be allowed to set arbitrary comment_type's
--------------------------+-----------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: rest-api
--------------------------+-----------------------
Comment (by dd32):
I'll also add that I'm not sure a user with `moderate_comments` capability
should be allowed to set this field either, but followed that inline with
what the other fields in the API endpoint require. I'd be all for
rejecting all requests which attempted to set it (unless a plugin had
allowed it somehow).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38820#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list