If basic auth is used, we need to return null for json_basic_auth_error. Right now, if basic auth isn't used, we just assume the user is authenticated even if no authentication method has been used.
To confirm this bug, view /posts/?context=edit (without sending a nonce) while the Basic Auth plugin is enabled. You will see posts when you shouldn't.
rmccue
commented
10 years ago
If basic auth is used, we need to return null for json_basic_auth_error. Right now, if basic auth isn't used, we just assume the user is authenticated even if no authentication method has been used.
To confirm this bug, view /posts/?context=edit (without sending a nonce) while the Basic Auth plugin is enabled. You will see posts when you shouldn't.