[wp-trac] [WordPress Trac] #53008: Creating an anonymous comment with custom fields via REST API
WordPress Trac
noreply at wordpress.org
Fri Apr 9 14:45:56 UTC 2021
#53008: Creating an anonymous comment with custom fields via REST API
--------------------------+------------------------------
Reporter: dawgawel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: | Focuses: rest-api
--------------------------+------------------------------
Changes (by TimothyBlynJacobs):
* version: 5.7 => 4.7
Comment:
Thanks for the ticket @dawgawel and welcome to trac!
The issue is that the `auth_callback` for a meta key is applied ''on top
of'' verifying that the user has access to edit the object itself,
https://github.com/WordPress/wordpress-
develop/blob/234c2b52ccf584cb93dce0eaf17431310b1d7458/src/wp-
includes/capabilities.php#L309
I don't think we could really change this without opening up security
issues. Instead, I'd recommend to use `register_rest_field` which will
allow you to use any updating logic you'd like.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53008#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list