[wp-trac] [WordPress Trac] #44157: the comments/[id] endpoints should have the same permissions checks as the comments endpoint
WordPress Trac
noreply at wordpress.org
Tue Jun 18 18:49:14 UTC 2019
#44157: the comments/[id] endpoints should have the same permissions checks as the
comments endpoint
--------------------------+-----------------------------
Reporter: tharsheblows | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
--------------------------+-----------------------------
Changes (by TimothyBlynJacobs):
* keywords: => 2nd-opinion
* milestone: Awaiting Review => Future Release
Comment:
I’m really not sure what to do with this. It seems incredibly plausible
that someone is making use of this functionality and as such, locking it
down might break their code. However, it also could be considered an
information disclosure issue.
Given that we haven't seen more reports, I'm tempted to leave this as is,
but I wouldn't really be happy with that. Maybe a Make.Core post to see if
people are using this functionality and address it early in the cycle?
Either way, we should make a decision.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44157#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list