Ticket #17850: 17850.5.diff
File 17850.5.diff, 4.3 KB (added by , 13 years ago) |
---|
-
wp-includes/class-wp-xmlrpc-server.php
234 234 235 235 foreach ( (array) has_meta($post_id) as $meta ) { 236 236 // Don't expose protected fields. 237 if ( strpos($meta['meta_key'], '_wp_') === 0) {237 if ( is_protected_meta( $meta['meta_key'] ) ) { 238 238 continue; 239 239 } 240 240 … … 264 264 $meta['id'] = (int) $meta['id']; 265 265 266 266 if ( isset($meta['key']) ) { 267 update_meta($meta['id'], $meta['key'], $meta['value']); 267 if ( ! is_protected_meta( $meta['key'] ) ) 268 update_meta($meta['id'], $meta['key'], $meta['value']); 269 } else { 270 if ( ! is_protected_meta( $meta['key'] ) ) 271 delete_meta($meta['id']); 268 272 } 269 270 delete_meta($meta['id']);271 }273 } else { 274 if ( ! is_protected_meta( $meta['key'] ) ) 275 add_post_meta( $post_id, $meta['key'], $meta['value'] ); 272 276 } 273 else {274 $_POST['metakeyinput'] = $meta['key'];275 $_POST['metavalue'] = $meta['value'];276 add_meta($post_id);277 }278 277 } 279 278 } 280 279 -
wp-includes/meta.php
588 588 * @return bool True if the key is protected, false otherwise. 589 589 */ 590 590 function is_protected_meta( $meta_key, $meta_type = null ) { 591 $protected = ( '_' == $meta_key[0] ); 591 $protected = false; 592 $protected_keys = array( '_edit_last', '_edit_lock', '_thumbnail_id' ); 593 $protected_prefixes = array( '_wp_', '_menu_item_', '_oembed_', '__' ); 592 594 595 foreach ( $protected_prefixes as $prefix ) { 596 if ( 0 === strpos( $meta_key, $prefix ) ) { 597 $protected = true; 598 break; 599 } 600 } 601 602 if ( !$protected && in_array( $meta_key, $protected_keys ) ) 603 $protected = true; 604 593 605 return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type ); 594 606 } 595 607 596 608 /** 609 * Determine whether a meta key is hidden 610 * 611 * @since 3.2.0 612 * 613 * @param string $meta_key Meta key 614 * @return bool True if the key is hidden, false otherwise. 615 */ 616 function is_hidden_meta( $meta_key, $meta_type = null ) { 617 $hidden = ( '_' == $meta_key[0] ); 618 619 return apply_filters( 'is_hidden_meta', $hidden, $meta_key, $meta_type ); 620 } 621 622 /** 597 623 * Sanitize meta value 598 624 * 599 625 * @since 3.1.3 -
wp-admin/admin-ajax.php
396 396 if ( !$meta = get_post_meta_by_id( $id ) ) 397 397 die('1'); 398 398 399 if ( !current_user_can( 'edit_post', $meta->post_id ) || is_ protected_meta( $meta->meta_key ) )399 if ( !current_user_can( 'edit_post', $meta->post_id ) || is_hidden_meta( $meta->meta_key ) || is_protected_meta( $meta->meta_key ) ) 400 400 die('-1'); 401 401 if ( delete_meta( $meta->meta_id ) ) 402 402 die('1'); … … 870 870 die('0'); // if meta doesn't exist 871 871 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 872 872 die('-1'); 873 if ( is_ protected_meta( $meta->meta_key ) )873 if ( is_hidden_meta( $meta->meta_key ) || is_protected_meta( $meta->meta_key ) ) 874 874 die('-1'); 875 875 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { 876 876 if ( !$u = update_meta( $mid, $key, $value ) ) -
wp-admin/includes/post.php
207 207 continue; 208 208 if ( $meta->post_id != $post_ID ) 209 209 continue; 210 if ( is_ protected_meta( $value['key'] ) )210 if ( is_hidden_meta( $value['key'] ) || is_protected_meta( $value['key'] ) ) 211 211 continue; 212 212 update_meta( $key, $value['key'], $value['value'] ); 213 213 } … … 219 219 continue; 220 220 if ( $meta->post_id != $post_ID ) 221 221 continue; 222 if ( is_ protected_meta( $meta->meta_key ) )222 if ( is_hidden_meta( $meta->meta_key ) || is_protected_meta( $meta->meta_key ) ) 223 223 continue; 224 224 delete_meta( $key ); 225 225 } … … 662 662 if ( $metakeyinput) 663 663 $metakey = $metakeyinput; // default 664 664 665 if ( is_ protected_meta( $metakey ) )665 if ( is_hidden_meta( $metakey ) || is_protected_meta( $metakey ) ) 666 666 return false; 667 667 668 668 wp_cache_delete($post_ID, 'post_meta');