Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#25189 closed defect (bug) (duplicate)

Meta keys a user can't edit shouldn't be displayed in the Custom Fields meta box

Reported by: trepmal's profile trepmal Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch commit
Focuses: Cc:


So you've registered your meta like this

register_meta( 'post', 'my_registered_meta', 'my_sanitize_callback', '__return_false' );

__return_false is ultimately passed to a cap check to make the user not allowed to edit the meta.

The caps are correctly checked when listing the key/value pairs in the meta box, but the key is still listed in the key-picker <select> menu (assuming the key exists because your plugin created it) and attempts to add meta with that key from the Custom Fields box fail with an error.

Here's my attempt to diagram the issue:
And here's code to demo the issue:

The patch simply adds a current_user_can check

Attachments (1)

25189.diff (539 bytes) - added by trepmal 11 years ago.

Download all attachments as: .zip

Change History (4)

11 years ago

#1 @SergeyBiryukov
11 years ago

  • Milestone changed from Awaiting Review to 3.7

#2 @SergeyBiryukov
11 years ago

  • Keywords commit added

#3 @nacin
11 years ago

  • Milestone 3.7 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This is a duplicate of #18786.

Note: See TracTickets for help on using tickets.