Bug #19775: Check member status when using REST API for private sites - CUNY Academic Commons - CUNY Graduate Center - Project Tracking System

Actions

Copy link

Bug #19775

closed

Check member status when using REST API for private sites

Added by Raymond Hoh 9 months ago. Updated 9 months ago.

Status:

Resolved

Priority name:

Normal

Assignee:

Raymond Hoh

Category name:

WordPress (Permissions)

Target version:

2.3.3

Start date:

2024-02-19

Due date:

% Done:

Estimated time:

Deployment actions:

Description

We allow sites to alter their site privacy with the "More Privacy Options" plugin.

The MPO plugin currently does member status checks for users on the frontend to determine if a user is able to access a private site, however member status checks are not done when accessing the WP REST API. So it would be possible for someone to access private content if the user was savvy enough with the WP REST API to query for post content, etc.

This was brought up in a CBOX OpenLab support thread: https://cboxopenlab.org/groups/the-hub/forum/topic/question-about-the-more-privacy-options-plugin/#post-696

Fix forthcoming.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

CUNY Academic Commons

Custom queries

Bug #19775

Check member status when using REST API for private sites

Updated by Raymond Hoh 9 months ago

Updated by Boone Gorges 9 months ago

Updated by Boone Gorges 9 months ago