[wp-trac] [WordPress Trac] #39701: Do not allow editing users from a different site in REST API
WordPress Trac
noreply at wordpress.org
Thu Feb 23 22:36:56 UTC 2017
#39701: Do not allow editing users from a different site in REST API
---------------------------------------------+------------------------
Reporter: flixos90 | Owner: flixos90
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.7.3
Component: REST API | Version: 4.7
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests commit | Focuses: multisite
---------------------------------------------+------------------------
Changes (by flixos90):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"40106"]:
{{{
#!CommitTicketReference repository="" revision="40106"
REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a
different site than the current site in multisite environments. Moreover,
when passing roles to a user in an update request, that user would
implicitly be added to the current site.
This changeset removes the incorrect behavior for now in order to be able
to provide a proper REST API workflow for managing multisite users in the
near future. Related unit tests have been adjusted as well.
Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes #39701.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39701#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list