New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add register_post_type argument for API exposure #136

Closed
rmccue opened this Issue Apr 15, 2014 · 4 comments

Comments

Projects
None yet
2 participants
@rmccue
Member

rmccue commented Apr 15, 2014

As discussed on IRC, we should add a new argument to register_post_type to ensure that data is not exposed via the API that shouldn't be.

At the moment, I think we check public. Instead, let's check this and default back to public if we need to.

@iandunn

This comment has been minimized.

Show comment
Hide comment
@iandunn

iandunn Apr 18, 2014

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

iandunn commented Apr 18, 2014

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

@rmccue

This comment has been minimized.

Show comment
Hide comment
@rmccue

rmccue Apr 20, 2014

Member

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

This should already be handled by the post_status = inherit on attachment posts, I think.

Member

rmccue commented Apr 20, 2014

attachment posts whose parent is a post type that isn't public shouldn't be exposed either.

This should already be handled by the post_status = inherit on attachment posts, I think.

@iandunn

This comment has been minimized.

Show comment
Hide comment
@iandunn

iandunn Apr 21, 2014

Ah, yeah, that's sounds right. I was playing around with some other stuff related to attachments, and it made me think about this, but it should be taken care of by inherit. Just to be safe I've added it to my list of things to test when auditing what gets exposed, though.

iandunn commented Apr 21, 2014

Ah, yeah, that's sounds right. I was playing around with some other stuff related to attachments, and it made me think about this, but it should be taken care of by inherit. Just to be safe I've added it to my list of things to test when auditing what gets exposed, though.

@iandunn

This comment has been minimized.

Show comment
Hide comment
@iandunn

iandunn Apr 21, 2014

An attachment post attached to a post post that has show_in_json = 1 and post_status = private is currently exposed, but it looks like WP always makes attachment posts public, regardless of the visibility of the post its attached to (of if it's attached to anything at all), so I guess there's no point in the API trying to hide it.

iandunn commented Apr 21, 2014

An attachment post attached to a post post that has show_in_json = 1 and post_status = private is currently exposed, but it looks like WP always makes attachment posts public, regardless of the visibility of the post its attached to (of if it's attached to anything at all), so I guess there's no point in the API trying to hide it.

@rmccue rmccue closed this in #145 Apr 29, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment