Changeset 18445 for trunk/wp-includes/class-wp-xmlrpc-server.php

Timestamp:

07/20/2011 10:04:35 PM (14 years ago)

Author:

ryan

Message:

Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850

File:

• trunk/wp-includes/class-wp-xmlrpc-server.php (modified) (2 diffs)

trunk/wp-includes/class-wp-xmlrpc-server.php

@@ -235 +235 @@
         foreach ( (array) has_meta($post_id) as $meta ) {
             // Don't expose protected fields.
-            if ( strpos($meta['meta_key'], '_wp_') === 0 ) {
+            if ( ! current_user_can( 'edit_post_meta', $post_id , $meta['meta_key'] ) )
                 continue;
-            }
 
             $custom_fields[] = array(
@@ -263 +262 @@
             if ( isset($meta['id']) ) {
                 $meta['id'] = (int) $meta['id'];
-
+                $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
                 if ( isset($meta['key']) ) {
-                    update_meta($meta['id'], $meta['key'], $meta['value']);
+                    if ( $meta['key'] != $pmeta->meta_key )
+                        continue;
+                    if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
+                        update_meta( $meta['id'], $meta['key'], $meta['value'] );
+                } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
+                        delete_meta( $meta['id'] );
                 }
-                else {
-                    delete_meta($meta['id']);
-                }
-            }
-            else {
-                $_POST['metakeyinput'] = $meta['key'];
-                $_POST['metavalue'] = $meta['value'];
-                add_meta($post_id);
+            } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
+                    add_post_meta( $post_id, $meta['key'], $meta['value'] );
             }
         }