Opened 11 years ago
Closed 11 years ago
#25189 closed defect (bug) (duplicate)
Meta keys a user can't edit shouldn't be displayed in the Custom Fields meta box
Reported by: | trepmal | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
So you've registered your meta like this
register_meta( 'post', 'my_registered_meta', 'my_sanitize_callback', '__return_false' );
__return_false
is ultimately passed to a cap check to make the user not allowed to edit the meta.
The caps are correctly checked when listing the key/value pairs in the meta box, but the key is still listed in the key-picker <select> menu (assuming the key exists because your plugin created it) and attempts to add meta with that key from the Custom Fields box fail with an error.
Here's my attempt to diagram the issue:
And here's code to demo the issue: https://gist.github.com/trepmal/28653a84b6a14ac7db94
The patch simply adds a current_user_can
check
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
This is a duplicate of #18786.