XMLRPC API Clients can't edit underscore-prefixed custom fields
|Reported by:||redsweater||Owned by:||ryan|
Changes that were committed in r17994 changed the behavior of the XMLRPC API such that clients who attempt to create or modify custom field values that start with a "_" underscore, encounter a quiet failure for those values to stick.
It seems at least somewhat common for 3rd party plugins and themes to use underscore-prefixed custom field values, in particular when they provide their own UI for setting those values, and don't want the values to show up in the custom fields UI of the WordPress admin panel.
Because a remote client using the XMLRPC API doesn't cause the plugin's custom code or UI to appear, we need the ability to continue editing these fields via the API.
A concrete example of this problem in action is the All In One SEO pack, which uses custom fields that have a prefix of _aiseop. My customers (MarsEdit) who have custom fields configured to edit these values are finding since 3.1.3 that the specified values simply "don't take" on the server. I have traced this to the changes in r17994:
Particularly to the new is_protected_meta which counts as protected any custom fields that begin with an underscore. Presumably this function ends up getting called on behalf of the API from the "edit_post" API call in post.php, but I haven't confirmed the exact call chain.
It would be great if the XMLRPC API could continue having unfettered access to editing underscore-prefixed custom fields.
Change History (56)
comment:28 ryan — 3 years ago
- Owner set to ryan
- Resolution set to fixed
- Status changed from new to closed
comment:29 xknown — 3 years ago
- Resolution fixed deleted
- Status changed from closed to reopened