WordPress.org

Make WordPress Core

Changeset 6496


Ignore:
Timestamp:
12/26/2007 07:50:26 PM (12 years ago)
Author:
ryan
Message:

Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.4

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/xmlrpc.php

    r6474 r6496  
    15361536        }
    15371537
     1538        $this_user = set_current_user( 0, $user_login );
     1539
    15381540        foreach ($posts_list as $entry) {
     1541            if (
     1542                !empty( $entry['post_password'] )
     1543                && !current_user_can( 'edit_post', $entry['ID'] )
     1544            ) {
     1545                unset( $entry['post_password'] );
     1546            }
    15391547
    15401548            $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
Note: See TracChangeset for help on using the changeset viewer.