[wp-trac] [WordPress Trac] #38819: REST API: Limit what users can set `author_ip` in the Comments endpoint
WordPress Trac
noreply at wordpress.org
Fri Nov 18 19:58:33 UTC 2016
#38819: REST API: Limit what users can set `author_ip` in the Comments endpoint
------------------------------+--------------------------
Reporter: dd32 | Owner: rachelbaker
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses: rest-api
------------------------------+--------------------------
Comment (by joehoyle):
Added a refreshed patch with some more tests and removed the conflicting
`karma` line. I also removed the `empty` check on `$_SERVER['REMOTE_ADDR']` as this
is going to cause a slight logic issue whereby an empty `REMOTE_ADDR`
would allow setting the author IP to anything you wanted. I don't know if
this value would ever be blank (maybe CLI) but I think it's better to not
have the logic error and risk the PHP notice.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38819#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
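
The logic issue described in the comment above, as an added PHP illustration (not the patch attached to the ticket and not WordPress core code). The function names and the `$server` array standing in for `$_SERVER` are hypothetical, and the addresses are constructed documentation-range samples.

```php
<?php
// Added illustration. Hypothetical helpers, not WordPress core code.

/**
 * Guarded variant: the comparison only runs when REMOTE_ADDR is non-empty,
 * so an empty or missing REMOTE_ADDR lets any author_ip through.
 */
function author_ip_allowed_guarded( array $server, string $requested_ip ): bool {
    if ( ! empty( $server['REMOTE_ADDR'] ) && $requested_ip !== $server['REMOTE_ADDR'] ) {
        return false;
    }
    return true;
}

/**
 * Fail-closed variant: the comparison always runs. A missing REMOTE_ADDR
 * becomes null, which never equals a submitted string, so the request is
 * rejected. (The `??` only avoids the PHP notice the comment mentions; it
 * is an assumption of this example.)
 */
function author_ip_allowed_strict( array $server, string $requested_ip ): bool {
    $remote = $server['REMOTE_ADDR'] ?? null;
    return $requested_ip === $remote;
}

// Constructed cases: [ description, simulated $_SERVER, submitted author_ip ].
$cases = array(
    array( 'matches REMOTE_ADDR', array( 'REMOTE_ADDR' => '203.0.113.7' ), '203.0.113.7' ),
    array( 'differs from REMOTE_ADDR', array( 'REMOTE_ADDR' => '203.0.113.7' ), '198.51.100.9' ),
    array( 'REMOTE_ADDR empty', array( 'REMOTE_ADDR' => '' ), '198.51.100.9' ),
    array( 'REMOTE_ADDR unset (e.g. CLI)', array(), '198.51.100.9' ),
);

foreach ( $cases as list( $label, $server, $ip ) ) {
    printf(
        "%-30s guarded=%-6s strict=%s\n",
        $label,
        author_ip_allowed_guarded( $server, $ip ) ? 'allow' : 'reject',
        author_ip_allowed_strict( $server, $ip ) ? 'allow' : 'reject'
    );
}
```

The two variants agree whenever `REMOTE_ADDR` is populated and differ only in the last two cases, where the guarded variant accepts the submitted address and the strict variant rejects it.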