WordPress/wp-includes/rest-api/endpoints
K. Adam White c418ba0205 REST API: Only check password value in query parameters while checking post permissions.
The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.

That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.

Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.

Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes #61837.


Built from https://develop.svn.wordpress.org/trunk@59036


git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-17 22:19:14 +00:00
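The failure mode the commit message describes, as an added example that is not WordPress core code: a handler that reads `password` through the request object's merged parameter lookup lets a JSON body value (which may be an array) reach the hash check and fatal, while a handler that reads only the query string does not. `FakeRequest` is a hypothetical stand-in for `WP_REST_Request` that models only the merged `ArrayAccess` lookup and `get_query_params()`; `password_verify()` stands in for WordPress's own post-password hashing; both handler names are invented for this illustration. Requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example; not WordPress core code. FakeRequest is a hypothetical stand-in
// for WP_REST_Request that models only the two behaviours this bug turns on:
// a merged ArrayAccess lookup in which body params shadow query params, and a
// get_query_params() accessor that returns the query string alone.
final class FakeRequest implements ArrayAccess
{
    public function __construct(
        private array $query = [], // parsed `?password=...` from the URL
        private array $body = []   // decoded JSON body (any JSON type)
    ) {}

    public function get_query_params(): array
    {
        return $this->query;
    }

    public function offsetExists(mixed $key): bool
    {
        return isset($this->body[$key]) || isset($this->query[$key]);
    }

    public function offsetGet(mixed $key): mixed
    {
        return $this->body[$key] ?? $this->query[$key] ?? null;
    }

    public function offsetSet(mixed $key, mixed $value): void
    {
        $this->body[$key] = $value;
    }

    public function offsetUnset(mixed $key): void
    {
        unset($this->body[$key], $this->query[$key]);
    }
}

// Before-the-fix shape: the merged lookup lets a body value reach the hash
// check. A JSON body that sets `password` to an array passes empty() (a
// non-empty array is truthy) and then hits password_verify(), which throws
// TypeError on a non-string under PHP 8: an uncaught fatal for that request.
function check_post_password_merged(FakeRequest $request, string $post_hash): bool
{
    if (empty($request['password'])) {
        return false;
    }
    return password_verify($request['password'], $post_hash);
}

// After-the-fix shape: only the query string is consulted, so a `password`
// field in a write request's body is data to store, never a credential.
// The is_string() guard is added insurance: PHP parses `?password[]=x` into
// an array, so a query value is not strictly guaranteed to be a string.
function check_post_password_query_only(FakeRequest $request, string $post_hash): bool
{
    $query = $request->get_query_params();
    $candidate = $query['password'] ?? null;
    if (!is_string($candidate) || '' === $candidate) {
        return false;
    }
    return password_verify($candidate, $post_hash);
}

// Constructed inputs for the demo.
$post_hash = password_hash('s3cret', PASSWORD_DEFAULT);

// A reader supplying the post password the intended way.
$reader = new FakeRequest(['password' => 's3cret'], []);
var_dump(check_post_password_query_only($reader, $post_hash));

// An editor setting a new post password via the body with a malformed value.
$writer = new FakeRequest([], ['password' => ['not', 'a', 'string']]);
var_dump(check_post_password_query_only($writer, $post_hash));

try {
    check_post_password_merged($writer, $post_hash);
} catch (TypeError $e) {
    echo 'merged lookup fatals: ', $e->getMessage(), PHP_EOL;
}

// A body value must not authenticate even when it happens to be a valid string.
$spoof = new FakeRequest([], ['password' => 's3cret']);
var_dump(check_post_password_query_only($spoof, $post_hash));
```

The third case is the point the commit message makes about intent: the body `password` is the value being written to the post, so even a well-formed string there must not grant visibility; only `?password=` does.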
class-wp-rest-application-passwords-controller.php Application Passwords: Allow a Super Admin to set an application password on a site they're not a member of. 2022-08-11 18:24:09 +00:00
class-wp-rest-attachments-controller.php Docs: Correct alignment for `rest_insert_attachment` action DocBlock. 2024-08-08 02:27:18 +00:00
class-wp-rest-autosaves-controller.php REST API: Fix issue with Template and Template Part Revision/Autosave REST API controllers. 2023-10-10 14:05:21 +00:00
class-wp-rest-block-directory-controller.php REST API: Avoid unnecessarily preparing item links. 2022-07-22 14:00:12 +00:00
class-wp-rest-block-pattern-categories-controller.php Docs: Correct `@return` values for a few REST API class methods. 2024-07-10 11:12:16 +00:00
class-wp-rest-block-patterns-controller.php Coding Standards: Apply changes after running `composer format`. 2024-06-13 15:06:07 +00:00
class-wp-rest-block-renderer-controller.php Docs: Document the globals used in some REST API methods. 2021-06-30 12:34:56 +00:00
class-wp-rest-block-types-controller.php REST API: Remove a few unused variables in `foreach` loops. 2024-07-09 13:53:16 +00:00
class-wp-rest-blocks-controller.php Coding Standards: Remove extra space in a comment in `WP_REST_Blocks_Controller`. 2023-10-31 14:23:21 +00:00
class-wp-rest-comments-controller.php General: Consistently cast return value to `int` in functions that use `ceil()`. 2024-02-17 15:24:08 +00:00
class-wp-rest-controller.php Coding Standards: Include one space after `function` keyword for closures. 2023-09-12 15:23:18 +00:00
class-wp-rest-edit-site-export-controller.php Docs: Correct `@return` values for a few REST API class methods. 2024-07-10 11:12:16 +00:00
class-wp-rest-font-collections-controller.php Editor: Ensure font collection metadata can be properly localized. 2024-02-21 19:27:14 +00:00
class-wp-rest-font-faces-controller.php Editor (Font Library): Store font subdirectory in post meta. 2024-06-05 23:19:17 +00:00
class-wp-rest-font-families-controller.php Editor: Add theme.json v3 migrations. 2024-06-04 11:55:14 +00:00
class-wp-rest-global-styles-controller.php Docs: Various docblock improvements and corrections. 2024-09-11 12:08:19 +00:00
class-wp-rest-global-styles-revisions-controller.php Block Themes: Add support for relative URLs in top-level theme.json styles 2024-05-31 01:19:14 +00:00
class-wp-rest-menu-items-controller.php Docs: Various docblock improvements and corrections. 2024-09-11 12:08:19 +00:00
class-wp-rest-menu-locations-controller.php Docs: Correct `@return` values for a few REST API class methods. 2024-07-10 11:12:16 +00:00
class-wp-rest-menus-controller.php REST API: Correct the docblocks for various permission related methods. 2023-08-18 17:46:18 +00:00
class-wp-rest-navigation-fallback-controller.php General: Remove discouraged `@return void` annotations. 2023-10-16 15:17:23 +00:00
class-wp-rest-pattern-directory-controller.php General: Introduce `wp_get_wp_version()` to get unmodified version. 2024-07-27 00:27:16 +00:00
class-wp-rest-plugins-controller.php Plugins: Correct the item schema for the plugins REST API endpoint. 2024-09-17 21:33:14 +00:00
class-wp-rest-post-statuses-controller.php REST API: Remove a few unused variables in `foreach` loops. 2024-07-09 13:53:16 +00:00
class-wp-rest-post-types-controller.php REST API: Add template and template_lock to post types endpoint. 2024-06-21 13:06:12 +00:00
class-wp-rest-posts-controller.php REST API: Only check password value in query parameters while checking post permissions. 2024-09-17 22:19:14 +00:00
class-wp-rest-revisions-controller.php General: Consistently cast return value to `int` in functions that use `ceil()`. 2024-02-17 15:24:08 +00:00
class-wp-rest-search-controller.php REST API: Prevent error when passing invalid `type` parameter to search endpoint. 2024-03-15 11:25:06 +00:00
class-wp-rest-settings-controller.php Options: Add 'label' argument to register_setting. 2024-05-29 08:53:09 +00:00
class-wp-rest-sidebars-controller.php Coding Standards: Restore more descriptive variable names in a few class methods. 2023-09-14 12:46:20 +00:00
class-wp-rest-site-health-controller.php Coding Standards: Include one space after `function` keyword for closures. 2023-09-12 15:23:18 +00:00
class-wp-rest-taxonomies-controller.php Docs: Correct `@return` values for a few REST API class methods. 2024-07-10 11:12:16 +00:00
class-wp-rest-template-autosaves-controller.php REST API: Fix issue with Template and Template Part Revision/Autosave REST API controllers. 2023-10-10 14:05:21 +00:00
class-wp-rest-template-revisions-controller.php Docs: Improve docblock for `WP_REST_Template_Revisions_Controller::get_parent()`. 2024-05-15 11:18:12 +00:00
class-wp-rest-templates-controller.php Docs: Fix multi-line inline comments in WP_REST_Templates_Controller. 2024-07-11 13:40:15 +00:00
class-wp-rest-terms-controller.php Docs: Fix typos in various REST API DocBlocks and comments. 2024-07-11 06:24:17 +00:00
class-wp-rest-themes-controller.php REST API: Remove a few unused variables in `foreach` loops. 2024-07-09 13:53:16 +00:00
class-wp-rest-url-details-controller.php Docs: Fix typos in various REST API DocBlocks and comments. 2024-07-11 06:24:17 +00:00
class-wp-rest-users-controller.php Coding Standards: Apply changes after running `composer format`. 2024-06-13 15:06:07 +00:00
class-wp-rest-widget-types-controller.php Coding Standards: Restore more descriptive variable names in a few class methods. 2023-09-14 12:46:20 +00:00
class-wp-rest-widgets-controller.php Docs: Correct `@return` values for a few REST API class methods. 2024-07-10 11:12:16 +00:00