[wp-trac] [WordPress Trac] #38417: Post status enum is ignored in collection params, allowing invalid values
WordPress Trac
noreply at wordpress.org
Thu Oct 20 18:06:56 UTC 2016
#38417: Post status enum is ignored in collection params, allowing invalid values
--------------------------+--------------------------
 Reporter:  joehoyle      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  4.7
Component:  REST API      |    Version:
 Severity:  normal        |   Keywords:  dev-feedback
  Focuses:                |
--------------------------+--------------------------
Originally reported at https://github.com/WP-API/WP-API/issues/2889.
Currently, the post status in `/wp/v2/posts?status=invalid` does not throw
an error and is passed to WP_Query, resulting in all post statuses being
returned.
Note: this does not affect unauthenticated users, as we whitelist those
types, so there's no permissions / information disclosure here.
Proposed fix in https://github.com/danielbachhuber/wordpress-develop/pull/4
cc @rmccue
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38417>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
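
The failure mode reported above, as an added stand-alone PHP illustration that is not code from the ticket, the linked pull request or WordPress: an enum check that rejects an unknown `status` before it can reach the query layer. The function names, sample posts, status list, default value and error shape are all assumptions, and `query_posts_fail_open()` only mimics the "invalid value returns every status" behaviour the ticket describes.

```php
<?php
// Added illustration: plain PHP, no WordPress needed. All names are hypothetical.

// Constructed sample rows and a constructed enum for the `status` parameter.
const SAMPLE_POSTS = [
    ['id' => 1, 'status' => 'publish'],
    ['id' => 2, 'status' => 'draft'],
    ['id' => 3, 'status' => 'private'],
];
const STATUS_ENUM = ['publish', 'draft', 'private'];

// Stand-in for the reported behaviour: a status the query layer does not
// recognise is dropped, so no status filter is applied at all.
function query_posts_fail_open(string $status): array
{
    if (!in_array($status, STATUS_ENUM, true)) {
        return SAMPLE_POSTS; // fails open: posts of every status come back
    }
    return array_values(array_filter(
        SAMPLE_POSTS,
        fn(array $post): bool => $post['status'] === $status
    ));
}

// Enforce the enum before the query runs. Strict comparison avoids PHP's
// loose-equality surprises; non-string input (?status[]=x) is rejected too.
// Returns null when valid, or an error array the caller maps to HTTP 400.
function validate_enum_param(string $name, $value, array $enum): ?array
{
    if (is_string($value) && in_array($value, $enum, true)) {
        return null;
    }
    return [
        'code'    => 'invalid_param', // hypothetical error code
        'status'  => 400,
        'message' => sprintf('%s must be one of: %s', $name, implode(', ', $enum)),
    ];
}

function get_posts_collection(array $params): array
{
    $status = $params['status'] ?? 'publish'; // assumed default
    $error  = validate_enum_param('status', $status, STATUS_ENUM);
    return $error !== null
        ? ['error' => $error]
        : ['posts' => query_posts_fail_open($status)];
}

var_dump(count(query_posts_fail_open('invalid')));       // unvalidated path
var_dump(get_posts_collection(['status' => 'invalid']),  // validated path
         get_posts_collection(['status' => ['x']]));
```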