Ticket #44238: 44238.4.diff
File 44238.4.diff, 10.8 KB (added by , 6 years ago) |
---|
-
src/wp-admin/includes/ajax-actions.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
776 776 wp_die( 1 ); 777 777 } 778 778 779 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) { 779 780 $object_subtype = get_object_subtype( 'post', $id ); 781 if ( is_protected_meta( $meta->meta_key, 'post', $object_subtype ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) { 780 782 wp_die( -1 ); 781 783 } 782 784 if ( delete_meta( $meta->meta_id ) ) { … … 1512 1514 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) { 1513 1515 wp_die( 0 ); // if meta doesn't exist 1514 1516 } 1515 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 1517 1518 $object_subtype = get_object_subtype( 'post', $meta->post_id ); 1519 if ( is_protected_meta( $meta->meta_key, 'post', $object_subtype ) || is_protected_meta( $key, 'post', $object_subtype ) || 1516 1520 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 1517 1521 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) { 1518 1522 wp_die( -1 ); -
src/wp-admin/includes/meta-boxes.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
725 725 <div id="ajax-response"></div> 726 726 <?php 727 727 $metadata = has_meta( $post->ID ); 728 $object_subtype = get_object_subtype( 'post', $post->ID ); 728 729 foreach ( $metadata as $key => $value ) { 729 if ( is_protected_meta( $metadata[ $key ]['meta_key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post->ID, $metadata[ $key ]['meta_key'] ) ) {730 if ( is_protected_meta( $metadata[ $key ]['meta_key'], 'post', $object_subtype ) || ! current_user_can( 'edit_post_meta', $post->ID, $metadata[ $key ]['meta_key'] ) ) { 730 731 unset( $metadata[ $key ] ); 731 732 } 732 733 } -
src/wp-admin/includes/post.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
345 345 if ( $meta->post_id != $post_ID ) { 346 346 continue; 347 347 } 348 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $meta->meta_key ) ) { 348 $object_subtype = get_object_subtype( 'post', $post_ID ); 349 if ( is_protected_meta( $meta->meta_key, 'post', $object_subtype ) || ! current_user_can( 'edit_post_meta', $post_ID, $meta->meta_key ) ) { 349 350 continue; 350 351 } 351 if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) ) {352 if ( is_protected_meta( $value['key'], 'post', $object_subtype ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) ) { 352 353 continue; 353 354 } 354 355 update_meta( $key, $value['key'], $value['value'] ); … … 363 364 if ( $meta->post_id != $post_ID ) { 364 365 continue; 365 366 } 366 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) ) { 367 $object_subtype = get_object_subtype( 'post', $post_ID ); 368 if ( is_protected_meta( $meta->meta_key, 'post', $object_subtype ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) ) { 367 369 continue; 368 370 } 369 371 delete_meta( $key ); … … 902 904 if ( $metakeyinput ) { 903 905 $metakey = $metakeyinput; // default 904 906 } 905 906 if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) {907 $object_subtype = get_object_subtype( 'post', $post_ID ); 908 if ( is_protected_meta( $metakey, 'post', $object_subtype ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) { 907 909 return false; 908 910 } 909 911 -
src/wp-admin/includes/template.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
590 590 function _list_meta_row( $entry, &$count ) { 591 591 static $update_nonce = ''; 592 592 593 if ( is_protected_meta( $entry['meta_key'], 'post' ) ) { 593 $object_subtype = get_object_subtype( 'post', $entry['post_id'] ); 594 if ( is_protected_meta( $entry['meta_key'], 'post', $object_subtype ) ) { 594 595 return ''; 595 596 } 596 597 … … 701 702 <select id="metakeyselect" name="metakeyselect"> 702 703 <option value="#NONE#"><?php _e( '— Select —' ); ?></option> 703 704 <?php 704 705 $object_subtype = get_object_subtype( 'post', $post->ID ); 705 706 foreach ( $keys as $key ) { 706 if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) ) {707 if ( is_protected_meta( $key, 'post', $object_subtype ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) ) { 707 708 continue; 708 709 } 709 710 echo "\n<option value='" . esc_attr( $key ) . "'>" . esc_html( $key ) . '</option>'; -
src/wp-includes/capabilities.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
293 293 $meta_key = isset( $args[1] ) ? $args[1] : false; 294 294 295 295 if ( $meta_key ) { 296 $allowed = ! is_protected_meta( $meta_key, $object_type );296 $allowed = ! is_protected_meta( $meta_key, $object_type, $object_subtype ); 297 297 298 298 if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { 299 299 -
src/wp-includes/meta.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
1023 1023 * Determines whether a meta key is considered protected. 1024 1024 * 1025 1025 * @since 3.1.3 1026 * @since x.x.x Add $object_sub_type 1026 1027 * 1027 1028 * @param string $meta_key Meta key. 1028 1029 * @param string|null $meta_type Optional. Type of object metadata is for (e.g., comment, post, term, or user). 1030 * @param string $object_subtype Optional. Object sub type is for (e.g., post or page). 1029 1031 * @return bool Whether the meta key is considered protected. 1030 1032 */ 1031 function is_protected_meta( $meta_key, $meta_type = null ) {1033 function is_protected_meta( $meta_key, $meta_type = null, $object_subtype = '' ) { 1032 1034 $protected = ( '_' == $meta_key[0] ); 1033 1035 1036 1037 if ( ! empty( $meta_type ) ) { 1038 /** 1039 * Filters whether a meta key is considered protected. 1040 * 1041 * @since x.x.x 1042 * 1043 * @param bool $protected Whether the key is considered protected. 1044 * @param string $meta_key Meta key. 1045 * @param string|null $meta_type Type of object metadata is for (e.g., comment, post, or user). 1046 * @param string $object_subtype Optional. Object sub type is for (e.g., post or page). 1047 */ 1048 $protected = apply_filters( "protected_{$meta_type}_meta_{$meta_key}", $protected, $meta_key, $meta_type, $object_subtype ); 1049 if ( ! empty( $object_subtype ) ) { 1050 /** 1051 * Filters whether a meta key is considered protected. 1052 * 1053 * @since x.x.x 1054 * 1055 * @param bool $protected Whether the key is considered protected. 1056 * @param string $meta_key Meta key. 1057 * @param string|null $meta_type Type of object metadata is for (e.g., comment, post, or user). 1058 * @param string $object_subtype Optional. Object sub type is for (e.g., post or page). 1059 */ 1060 $protected = apply_filters( "protected_{$meta_type}_meta_{$meta_key}_for_{$object_subtype}", $protected, $meta_key, $meta_type, $object_subtype ); 1061 } 1062 } 1063 1034 1064 /** 1035 1065 * Filters whether a meta key is considered protected. 1036 1066 * 1037 1067 * @since 3.2.0 1068 * @since x.x.x Add $object_sub_type 1038 1069 * 1039 1070 * @param bool $protected Whether the key is considered protected. 1040 1071 * @param string $meta_key Meta key. 1072 * @param string $object_subtype Optional. Object sub type is for (e.g., post or page). 1041 1073 * @param string|null $meta_type Type of object metadata is for (e.g., comment, post, term, or user). 1042 1074 */ 1043 return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );1075 return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type, $object_subtype ); 1044 1076 } 1045 1077 1046 1078 /** … … 1136 1168 $wp_meta_keys = array(); 1137 1169 } 1138 1170 1171 $protected = ( '_' == $meta_key[0] ); 1172 1139 1173 $defaults = array( 1140 1174 'object_subtype' => '', 1141 1175 'type' => 'string', … … 1144 1178 'sanitize_callback' => null, 1145 1179 'auth_callback' => null, 1146 1180 'show_in_rest' => false, 1181 'protected' => $protected, 1147 1182 ); 1148 1183 1149 1184 // There used to be individual args for sanitize and auth callbacks … … 1180 1215 1181 1216 $object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : ''; 1182 1217 1218 1219 if ( is_callable( $args['protected'] ) ) { 1220 $protected_callback = $args['protected']; 1221 } else { 1222 $protected = (bool) $args['protected']; 1223 if ( empty( $protected ) ) { 1224 $protected_callback = '__return_false'; 1225 } else { 1226 $protected_callback = '__return_true'; 1227 } 1228 } 1229 1230 if ( ! empty( $object_subtype ) ) { 1231 add_filter( "protected_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $protected_callback, 9, 1 ); 1232 } else { 1233 add_filter( "protected_{$object_type}_meta_{$meta_key}", $protected_callback, 9, 1 ); 1234 } 1235 1236 1183 1237 // If `auth_callback` is not provided, fall back to `is_protected_meta()`. 1184 1238 if ( empty( $args['auth_callback'] ) ) { 1185 if ( is_protected_meta( $meta_key, $object_type ) ) {1239 if ( is_protected_meta( $meta_key, $object_type, $object_subtype ) ) { 1186 1240 $args['auth_callback'] = '__return_false'; 1187 1241 } else { 1188 1242 $args['auth_callback'] = '__return_true'; -
src/wp-includes/post-template.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
1069 1069 function the_meta() { 1070 1070 if ( $keys = get_post_custom_keys() ) { 1071 1071 $li_html = ''; 1072 $post_id = get_the_ID(); 1073 $object_subtype = get_object_subtype( 'post', $post_id ); 1072 1074 foreach ( (array) $keys as $key ) { 1073 1075 $keyt = trim( $key ); 1074 if ( is_protected_meta( $keyt, 'post' ) ) {1076 if ( is_protected_meta( $keyt, 'post', $object_subtype ) ) { 1075 1077 continue; 1076 1078 } 1077 1079