[wp-trac] [WordPress Trac] #50075: Trigger _doing_it_wrong for dangerous REST API endpoint option
WordPress Trac
noreply at wordpress.org
Mon May 4 15:03:19 UTC 2020
#50075: Trigger _doing_it_wrong for dangerous REST API endpoint option
--------------------------+---------------------
Reporter: rmccue | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.5
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+---------------------
Changes (by TimothyBlynJacobs):
* version: => 4.4
* milestone: Awaiting Review => 5.5
Comment:
Discussed in slack:
- https://wordpress.slack.com/archives/C02RQC26G/p1552590412266800
- https://wordpress.slack.com/archives/C02RQC26G/p1585669262124700
Examples in the wild:
- https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-
optimizer-caldera-forms.html
- https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-
affecting-over-200000-sites-patched-in-rank-math-seo-plugin/
One of the things we discussed is whether we should allow
`permission_callback => true` as a shortcut for `__return_true`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50075#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list