Skip to content
This repository has been archived by the owner. It is now read-only.

Add register_post_type argument for API exposure #136

Closed
rmccue opened this issue Apr 15, 2014 · 4 comments
Closed

Add register_post_type argument for API exposure #136

rmccue opened this issue Apr 15, 2014 · 4 comments
Milestone

Comments

@rmccue
Copy link
Member

rmccue commented Apr 15, 2014

As discussed on IRC, we should add a new argument to register_post_type to ensure that data is not exposed via the API that shouldn't be.

At the moment, I think we check public. Instead, let's check this and default back to public if we need to.

@iandunn
Copy link

iandunn commented Apr 18, 2014

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

@rmccue
Copy link
Member Author

rmccue commented Apr 20, 2014

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

This should already be handled by the post_status = inherit on attachment posts, I think.

@iandunn
Copy link

iandunn commented Apr 21, 2014

Ah, yeah, that's sounds right. I was playing around with some other stuff related to attachments, and it made me think about this, but it should be taken care of by inherit. Just to be safe I've added it to my list of things to test when auditing what gets exposed, though.

@iandunn
Copy link

iandunn commented Apr 21, 2014

An attachment post attached to a post post that has show_in_json = 1 and post_status = private is currently exposed, but it looks like WP always makes attachment posts public, regardless of the visibility of the post its attached to (of if it's attached to anything at all), so I guess there's no point in the API trying to hide it.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants