[wp-trac] [WordPress Trac] #44157: the comments/[id] endpoints should have the same permissions checks as the comments endpoint
WordPress Trac
noreply at wordpress.org
Tue Nov 25 01:20:29 UTC 2025
#44157: the comments/[id] endpoints should have the same permissions checks as the
comments endpoint
-------------------------------------------------+-------------------------
Reporter: tharsheblows | Owner:
| adamsilverstein
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future
| Release
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion has-patch has-unit- | Focuses:
tests dev-reviewed |
-------------------------------------------------+-------------------------
Comment (by peterwilsoncc):
In [changeset:"61297" 61297]:
{{{
#!CommitTicketReference repository="" revision="61297"
Comments: ensure unauthenticated users cannot access the single comment
endpoint for notes.
Fix an issue where notes could be accessed by unauthenticated users by
using the single comment REST API endpoint and passing the comment ID
(`/wp/v2/comments/<ID>`). This fix only affects the `note` type.
Reviewed by peterwilsoncc.
Merges [61276] to the 6.9 branch.
Props adamsilverstein, peterwilsoncc, westonruter, tharsheblows.
See #44157.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44157#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list