Version Description
Security fix: all users are strongly encouraged to upgrade. (See Changelog.)
Download this release
Release Info
| Developer | dphiffer |
| Plugin |  JSON API |
| Version | 0.9.4 |
| Comparing to | |
| See all releases | |
Code changes from version 0.9.3 to 0.9.4
- json-api.php +1 -1
- readme.txt +7 -1
- singletons/controller.php +3 -0
json-api.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: JSON API
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/json-api/
|
| 5 |
Description: A RESTful API for WordPress
|
| 6 |
-
Version: 0.9.
|
| 7 |
Author: Dan Phiffer
|
| 8 |
Author URI: http://phiffer.org/
|
| 9 |
*/
|
| 3 |
Plugin Name: JSON API
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/json-api/
|
| 5 |
Description: A RESTful API for WordPress
|
| 6 |
+
Version: 0.9.4
|
| 7 |
Author: Dan Phiffer
|
| 8 |
Author URI: http://phiffer.org/
|
| 9 |
*/
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: dphiffer
|
|
| 3 |
Tags: json, api, ajax, cms, admin, integration, moma
|
| 4 |
Requires at least: 2.8
|
| 5 |
Tested up to: 2.9
|
| 6 |
-
Stable tag: 0.9.
|
| 7 |
|
| 8 |
A RESTful API for WordPress
|
| 9 |
|
|
@@ -587,6 +587,9 @@ Submits a comment to a WordPress post.
|
|
| 587 |
|
| 588 |
== Changelog ==
|
| 589 |
|
|
|
|
|
|
|
|
|
|
| 590 |
= 0.9.3 (2010-03-19): =
|
| 591 |
* Fixed a bug where child pages were being ignored by the API. See also: https://core.trac.wordpress.org/ticket/12647
|
| 592 |
|
|
@@ -631,6 +634,9 @@ Submits a comment to a WordPress post.
|
|
| 631 |
|
| 632 |
== Upgrade Notice ==
|
| 633 |
|
|
|
|
|
|
|
|
|
|
| 634 |
= 0.9.3 =
|
| 635 |
Fixed a bug where child pages could not be introspected by the API.
|
| 636 |
|
| 3 |
Tags: json, api, ajax, cms, admin, integration, moma
|
| 4 |
Requires at least: 2.8
|
| 5 |
Tested up to: 2.9
|
| 6 |
+
Stable tag: 0.9.4
|
| 7 |
|
| 8 |
A RESTful API for WordPress
|
| 9 |
|
| 587 |
|
| 588 |
== Changelog ==
|
| 589 |
|
| 590 |
+
= 0.9.4 (2010-04-28): =
|
| 591 |
+
* Fixed a bug where any non-authenticated user could create a draft blog post through `create_post`. Thanks to user futtta for posting about this.
|
| 592 |
+
|
| 593 |
= 0.9.3 (2010-03-19): =
|
| 594 |
* Fixed a bug where child pages were being ignored by the API. See also: https://core.trac.wordpress.org/ticket/12647
|
| 595 |
|
| 634 |
|
| 635 |
== Upgrade Notice ==
|
| 636 |
|
| 637 |
+
= 0.9.4 =
|
| 638 |
+
Security fix: all users are strongly encouraged to upgrade. (See Changelog.)
|
| 639 |
+
|
| 640 |
= 0.9.3 =
|
| 641 |
Fixed a bug where child pages could not be introspected by the API.
|
| 642 |
|
singletons/controller.php
CHANGED
|
@@ -215,6 +215,9 @@ class JSON_API_Controller {
|
|
| 215 |
}
|
| 216 |
|
| 217 |
function create_post() {
|
|
|
|
|
|
|
|
|
|
| 218 |
nocache_headers();
|
| 219 |
$post = new JSON_API_Post();
|
| 220 |
$id = $post->create($_REQUEST);
|
| 215 |
}
|
| 216 |
|
| 217 |
function create_post() {
|
| 218 |
+
if (!current_user_can('edit_posts')) {
|
| 219 |
+
$this->error("You need to login with a user capable of creating posts.");
|
| 220 |
+
}
|
| 221 |
nocache_headers();
|
| 222 |
$post = new JSON_API_Post();
|
| 223 |
$id = $post->create($_REQUEST);
|
