[buddypress-trac] [BuddyPress Trac] #9231: Using BP REST API it's possible to retrieve information about a spammed user
buddypress-trac
noreply at wordpress.org
Thu Sep 5 12:36:28 UTC 2024
#9231: Using BP REST API it's possible to retrieve information about a spammed
user
--------------------------+--------------------------
Reporter: imath | Owner: espellcaste
Type: defect (bug) | Status: new
Priority: normal | Milestone: 15.0.0
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch |
--------------------------+--------------------------
Comment (by espellcaste):
**I can't confirm this bug**. Currently, only admins can return a spammed
member via the REST API. Not even ''the'' spammed member himself can get
his own profile.
Here's the message a spammed user gets:
{{{
## Spammed User - GET
curl "https://bp-single.alley.test/wp-
json/buddypress/v2/members/2?context=edit" \
-u 'user:password'
{
"code": "invalid_username",
"data": null,
"message": "<strong>Error</strong>: Your account has been marked as a
spammer."
}
}}}
Other regular users will get this:
{{{
{
"code": "bp_rest_authorization_required",
"data": {
"status": 403
},
"message": "Sorry, you are not allowed to view members with the edit
context."
}
}}}
And the admin will get the member object properly.
cc: @emaralive
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9231#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list