[wp-trac] [WordPress Trac] #48885: REST API: Add a route to read and update separate site settings

WordPress Trac noreply at wordpress.org
Wed Dec 11 22:40:11 UTC 2019


#48885: REST API: Add a route to read and update separate site settings
--------------------------------------------------+---------------------
 Reporter:  scruffian                             |       Owner:  (none)
     Type:  enhancement                           |      Status:  new
 Priority:  normal                                |   Milestone:  5.4
Component:  REST API                              |     Version:
 Severity:  normal                                |  Resolution:
 Keywords:  has-patch has-unit-tests 2nd-opinion  |     Focuses:
PR Number:                                        |
--------------------------------------------------+---------------------

Comment (by TimothyBlynJacobs):

 > Adding new data to this response seems like an unsupported edge case: if
 you want to add data, add a setting.

 It would also be for modifying an option's representation. But I agree,
 and would classify it as #doingitwrong, but it makes me nervous that that
 it would lead to a potential information disclosure issue. Particularly
 since we haven't really said it is a misappropriation of that filter.

 >I'm fine with versioning. We haven't done that in Core yet, so there will
 probably need to be a bit of work to come up with a pattern, but it's not
 a super complex thing to do.

 Yeah not technically difficult, but a lot of implications it would be
 interesting to explore.

 > The problem is that we have a bunch of obviously public options (eg,
 blogname, blogdescription, siteurl, timezone_string) mixed in with a few
 obviously private options (eg, admin_email).

 These have been available or made available via the REST API index `/wp-
 json/`, `WP_REST_Server::get_index()`.

 The question seems to be whether this needs to be addressed in the client,
 or in the server. The complexity exists either way, I'm still not
 understanding why it is better to solve it in the server. These feel a lot
 like entirely separate contexts ( the logged in administrator, versus
 everyone else ) to me. But I'm just repeating myself at this point 😃.
 I'll let @kadamwhite and other REST API team members chime in. I may very
 well be making a mountain out of a mole hill.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48885#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list