Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need clarification on what show_in_rest / edit_in_rest are supposed to do #380

Open
therealgilles opened this issue May 19, 2021 · 2 comments
Open

Need clarification on what show_in_rest / edit_in_rest are supposed to do #380

therealgilles opened this issue May 19, 2021 · 2 comments

Comments

@therealgilles
Copy link

I see the two filters in the documentation. Does it mean that if they are set, only the fields with the options enabled in the backend should show / be editable through the REST API?

// Enable the option show in rest
add_filter( 'acf/rest_api/field_settings/show_in_rest', '__return_true' );

// Enable the option edit in rest
add_filter( 'acf/rest_api/field_settings/edit_in_rest', '__return_true' );

I have added the filters and I see some of the ACF fields show when doing a wp/v2/users request under 'acf', even though their options are not enabled. Is that expected?
@lukas-hablitzel
Copy link

Same problem here: Fields get displayed no matter what the "Show in REST API?" switch is set to.

@grex22
Copy link

grex22 commented Mar 29, 2023

Couple years later, and this is still a pretty big bug. Our ACF fields can contain sensitive data, so this is a pretty nasty security hole. My issue is popping up on an ACF Options page, unsure if that matters..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grex22 @lukas-hablitzel @therealgilles