[wp-trac] [WordPress Trac] #61837: REST API: Uncaught TypeError when post password is provided as integer
WordPress Trac
noreply at wordpress.org
Tue Sep 17 22:17:59 UTC 2024
#61837: REST API: Uncaught TypeError when post password is provided as integer
--------------------------------------+------------------------------
 Reporter:  mlf20                     |       Owner:  kadamwhite
     Type:  defect (bug)              |      Status:  closed
 Priority:  normal                    |   Milestone:  Awaiting Review
Component:  REST API                  |     Version:  6.2.2
 Severity:  normal                    |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests  |     Focuses:  rest-api
--------------------------------------+------------------------------
Changes (by kadamwhite):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"59036" 59036]:
{{{
#!CommitTicketReference repository="" revision="59036"
REST API: Only check password value in query parameters while checking
post permissions.

The `password` property which gets sent as part of a request POST body
while setting a post's password should not be checked when calculating
post visibility permissions.

That value in the request body is intended to update the post, not to
authenticate, and may be malformed or an invalid non-string type which
would cause a fatal when checking against the hashed post password value.

Query parameter `?password=` values are the correct interface to check,
and are also guaranteed to be strings.

Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes #61837.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61837#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
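
The failure mode and the fix described in the commit message, as an added PHP 8 sketch that is not WordPress core code. `DemoRequest`, `can_access_before` and `can_access_after` are hypothetical names, and the rule that body values win over query values in the merged lookup is an assumption of the sketch.

```php
<?php
// Constructed sketch: DemoRequest and both check functions are hypothetical
// names used for illustration, not WordPress core code.
final class DemoRequest {
    public function __construct(
        private array $query, // parsed from the URL, e.g. ?password=...
        private array $body   // decoded JSON body; values keep their JSON types
    ) {}

    // Merged lookup. Body values taking precedence is an assumption here.
    public function param( string $key ): mixed {
        return $this->body[ $key ] ?? $this->query[ $key ] ?? null;
    }

    // URL query string values only.
    public function queryParam( string $key ): mixed {
        return $this->query[ $key ] ?? null;
    }
}

// Before: the merged value is compared, so a value meant to update the post
// reaches hash_equals(), which throws a TypeError on non-strings in PHP 8.
function can_access_before( string $stored, DemoRequest $request ): bool {
    if ( empty( $request->param( 'password' ) ) ) {
        return false;
    }
    return hash_equals( $stored, $request->param( 'password' ) );
}

// After: only the query-string value is treated as a credential.
function can_access_after( string $stored, DemoRequest $request ): bool {
    $supplied = $request->queryParam( 'password' );
    // The is_string() guard is an extra defensive check added in this sketch.
    return is_string( $supplied ) && '' !== $supplied && hash_equals( $stored, $supplied );
}

// Constructed request: an update whose body carries the new password as a JSON integer.
$update = new DemoRequest( [], [ 'password' => 12345 ] );

try {
    can_access_before( 'old-secret', $update );
} catch ( TypeError $e ) {
    echo 'before: ', $e->getMessage(), PHP_EOL;
}

// The same update request, then a read request that authenticates via ?password=.
var_dump( can_access_after( 'old-secret', $update ) );
var_dump( can_access_after( 'old-secret', new DemoRequest( [ 'password' => 'old-secret' ], [] ) ) );
```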