Changes to WordCamp and Meetup REST API endpoints #926

Merged
merged 3 commits into from May 20, 2024

timiwahalahti
Collaborator

@timiwahalahti timiwahalahti commented Jun 27, 2023

WordCamp Central REST API leaked some Meetup and WordCamp information.

This PR closes the /wordcamps endpoint from enumeration, which has been the way to see details for WordCamps with non-public statuses (like declined).

This PR also changes the way the /meetups endpoint works. Previously that endpoint returned an empty array; now it's similar to the /wordcamps endpoint and returns all Meetups with public status. The /meetups endpoint also suffered from leakage by enumeration, which is prevented now.

Fixes #661
Fixes #610

How to test the changes in this Pull Request:

WordCamps

  1. Create a new WordCamp application and decline it
  2. Copy the ID of that application
  3. Navigate to https://central.wordcamp.test/wp-json/wp/v2/wordcamps/{ID} and you should receive an error message
  4. Check some declined WordCamp applications on production, and you will see the details

Meetups

  1. Create new Meetup applications, one declined and one active in the chapter
  2. Navigate to https://central.wordcamp.test/wp-json/wp/v2/meetups, and you should see only the active one
  3. Copy the ID of the declined application and navigate to https://central.wordcamp.test/wp-json/wp/v2/meetups/{ID}, and you should receive an error message
  4. Check production https://central.wordcamp.org/wp-json/wp/v2/meetups and you get an empty array
  5. Check some declined Meetup applications on production, and you will see the details
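
The meetup test steps above, modelled offline as an added example that is not part of the pull request or the plugin's code. The records, the status names, the 404 error shape and the helper names (`make_api`, `listed_ids`, `audit`) are constructed assumptions; the point is that the collection route and the item route each need their own status check.

```python
# Offline model of the /meetups routes; all records below are constructed.
POSTS = {
    101: {"title": "Meetup A", "status": "active"},
    102: {"title": "Meetup B", "status": "declined"},
    103: {"title": "Meetup C", "status": "active"},
}
PUBLIC_STATUSES = {"active"}  # assumption: placeholder name, not the plugin's slug


def make_api(check_collection, check_item, empty_collection=False):
    """Build a fake get(path) that returns (http_status, json_body)."""
    def get(path):
        parts = path.strip("/").split("/")
        if len(parts) == 1:  # collection route, e.g. /meetups
            if empty_collection:
                return 200, []
            return 200, [dict(post, id=post_id) for post_id, post in POSTS.items()
                         if not check_collection or post["status"] in PUBLIC_STATUSES]
        post_id = int(parts[1])  # item route, e.g. /meetups/102
        post = POSTS.get(post_id)
        if post is None or (check_item and post["status"] not in PUBLIC_STATUSES):
            return 404, {"code": "not_found"}  # assumed error shape
        return 200, dict(post, id=post_id)
    return get


def listed_ids(get, route):
    """IDs the collection route returns."""
    _, listing = get(f"/{route}")
    return sorted(item["id"] for item in listing)


def audit(get, route, private_ids):
    """Return the non-public IDs whose details either route discloses."""
    leaked = set(listed_ids(get, route)) & set(private_ids)
    for post_id in private_ids:
        status, _ = get(f"/{route}/{post_id}")
        if status == 200:
            leaked.add(post_id)
    return sorted(leaked)


# Before the PR, as described: empty collection, item route without a status check.
before = make_api(check_collection=False, check_item=False, empty_collection=True)
# Filtering only the collection still leaves the item route open.
list_only = make_api(check_collection=True, check_item=False)
# After the PR, as described: public items listed, non-public lookups rejected.
after = make_api(check_collection=True, check_item=True)

if __name__ == "__main__":
    for name, api in [("before", before), ("list_only", list_only), ("after", after)]:
        print(name, listed_ids(api, "meetups"), audit(api, "meetups", {102}))
```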

@timiwahalahti timiwahalahti added [Priority] 3 [Component] WCPT WordCamp and meetup post types, applications, trackers, mentors and removed [Status] Needs Review labels Jun 27, 2023
@timiwahalahti timiwahalahti changed the title Fix/661 and 610 [WIP] Fix/661 and 610 Jun 27, 2023
@timiwahalahti timiwahalahti changed the title [WIP] Fix/661 and 610 Changes to WordCamp and Meetup REST API endpoints Jul 16, 2023
@pkevan
Contributor

pkevan commented Feb 8, 2024

It looks like the conflicts in public_html/wp-content/plugins/wcpt/wcpt-meetup/meetup-loader.php change some of the permissions, but not sure if it's solved completely (probably not), would you mind taking a look @timiwahalahti to confirm?

Contributor

@renintw renintw left a comment

👍

@renintw renintw merged commit e13fb5e into WordPress:production May 20, 2024
3 checks passed
Labels
[Component] REST API [Component] WCPT WordCamp and meetup post types, applications, trackers, mentors [Priority] Medium
Projects
Status: ✅ Done
3 participants