
Changes to WordCamp and Meetup REST API endpoints #926

Merged
outdoor2kode merged 3 commits into WordPress:production from timiwahalahti:fix/661-and-610
May 20, 2024

timiwahalahti (Collaborator) commented Jun 27, 2023

WordCamp Central REST API leaked some Meetup and WordCamp information.

This PR closes the /wordcamps endpoint from enumeration, which has been the way to see details for WordCamps with non-public statuses (like declined).

This PR also changes the way the /meetups endpoint works. Previously that endpoint returned an empty array; now it's similar to the /wordcamps endpoint and returns all Meetups with a public status. The /meetups endpoint also suffered from leakage by enumeration, which is prevented now.

Fixes #661
Fixes #610

How to test the changes in this Pull Request:

WordCamps

  1. Create a new WordCamp application and decline it
  2. Copy the ID of that application
  3. Navigate to https://central.wordcamp.test/wp-json/wp/v2/wordcamps/{ID} and you should receive an error message
  4. Check some declined WordCamp applications on production, and you will see the details

Meetups

  1. Create new Meetup applications, one declined and one active in the chapter
  2. Navigate to https://central.wordcamp.test/wp-json/wp/v2/meetups, and you should see only the active one
  3. Copy the ID of the declined application and navigate to https://central.wordcamp.test/wp-json/wp/v2/meetups/{ID}, and you should receive an error message
  4. Check production https://central.wordcamp.org/wp-json/wp/v2/meetups and you get an empty array
  5. Check some declined Meetup applications on production, and you will see the details
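
One way to enforce the behaviour the comment above describes, as an added example that is not the code merged in this PR: a REST controller that serves only allow-listed post statuses to visitors who cannot edit the post, on both the collection route and the by-ID route. The post type `example_event`, the class name, the `example-events` route and the status slugs are hypothetical; the WordPress functions and hooks used are core APIs.

```php
<?php
// Added example, not the code merged in this PR. The post type, class name,
// rest_base and status slugs are hypothetical placeholders.
class Example_Event_REST_Controller extends WP_REST_Posts_Controller {
	// Only these statuses are served to visitors who cannot edit the post.
	const PUBLIC_STATUSES = array( 'example-active', 'example-scheduled' );

	/**
	 * Core calls this for /example-events/{id} and for each row of the
	 * collection, so one override covers direct lookups by ID as well.
	 */
	public function check_read_permission( $post ) {
		// Never widen what core allows; only narrow it.
		if ( ! parent::check_read_permission( $post ) ) {
			return false;
		}
		if ( current_user_can( 'edit_post', $post->ID ) ) {
			return true;
		}
		// false makes the REST server return an error, not the post data.
		return in_array( $post->post_status, self::PUBLIC_STATUSES, true );
	}
}

add_action( 'init', function () {
	foreach ( Example_Event_REST_Controller::PUBLIC_STATUSES as $status ) {
		register_post_status( $status, array( 'public' => true ) );
	}
	register_post_type( 'example_event', array(
		'public'                => true,
		'show_in_rest'          => true,
		'rest_base'             => 'example-events',
		'rest_controller_class' => 'Example_Event_REST_Controller',
	) );
} );

// Core's collection query defaults to the 'publish' status, so a type that
// uses only custom statuses lists nothing until the query names them.
add_filter( 'rest_example_event_query', function ( $args, $request ) {
	if ( ! current_user_can( 'edit_posts' ) ) {
		$args['post_status'] = Example_Event_REST_Controller::PUBLIC_STATUSES;
	}
	return $args;
}, 10, 2 );
```

Because the allow-list is checked per post, a status added later stays out of the API until it is listed in `PUBLIC_STATUSES`.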

timiwahalahti added [Priority] 3 [Component] WCPT WordCamp and meetup post types, applications, trackers, mentors and removed [Status] Needs Review labels Jun 27, 2023
timiwahalahti changed the title Fix/661 and 610 [WIP] Fix/661 and 610 Jun 27, 2023
timiwahalahti changed the title [WIP] Fix/661 and 610 Changes to WordCamp and Meetup REST API endpoints Jul 16, 2023

pkevan (Contributor) commented Feb 8, 2024

It looks like the conflicts in public_html/wp-content/plugins/wcpt/wcpt-meetup/meetup-loader.php change some of the permissions, but not sure if it's solved completely (probably not), would you mind taking a look @timiwahalahti to confirm?

outdoor2kode (Contributor) left a comment

👍
Screenshot 2024-05-21 at 01 25 41

outdoor2kode merged commit e13fb5e into WordPress:production May 20, 2024

Labels

[Component] REST API
[Component] WCPT WordCamp and meetup post types, applications, trackers, mentors
[Priority] Medium

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

WordCamp.org: meetups exposed in REST API
WordCamp.org: WordCamps with non-public statuses are exposed in REST API

3 participants