Opened 10 years ago
Last modified 3 years ago
#32565 assigned defect (bug)
Adding an underscore prefix meta key with a meta value provides an incorrect error message
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.3 |
Component: | Options, Meta APIs | Keywords: | has-patch has-unit-tests needs-refresh |
Focuses: | Cc: |
Description
To reproduce this, use the custom fields section in a post to add a custom field. Add a hidden field (prefix the custom field name with an underscore) and type any value. The error returned is "Please provide a custom field value." which is not what the issue is, the issue is that we are trying to add a protected meta key.
I've included a fix which I don't particularly like. Perhaps add_meta should return a WP_Error object with the correct error. This would be easy enough to do, but I'm not familiar enough with add_meta(), I'm not sure what this could break.
I changed this in all three places the issue could occur, but I'm not sure this is needed. During troubleshooting it was obvious that the issue originates from line 1198. The other two occurrences could be line 1193 and 1281.
Hope this helps,
Daniel
Attachments (5)
Change History (23)
This ticket was mentioned in Slack in #core by jorbin. View the logs.
10 years ago
#3
@
10 years ago
- Type changed from defect (bug) to enhancement
The code is working as expected, but I think a better error message could certainly be in order.
#4
@
9 years ago
In attachment:32565.2.diff, I've extended the work in @danielpataki's previous diff.
First, we can simplify the code here by issuing one call to add_meta()
regardless of post status, and thereby one wp_die()
statement.
Preferably add_meta()
would supply us with extra failure information about why the routine failed, but we cannot modify the return value because of backwards compatibility. So, the work that function does to detect metakey must be duplicated here to decide whether add_meta()
is failing because the user isn't allowed to edit it (by the meta being protected or capability checks) or if the value is empty.
#6
@
9 years ago
Thanks @ericlewis for that :) I assumed something like that was the issue with add_meta
, thanks for clarifying!
This ticket was mentioned in Slack in #core by sergey. View the logs.
9 years ago
#9
@
9 years ago
@SergeyBiryukov What's the status here? Looks like there's some braces missing in 32565.2.diff and the patch still applies.
#10
@
9 years ago
32565.3.diff adds a the missing braces, removes assignment from inside the if, minor clean up, and stricter checks on $metakeyinput and $metakeyselect.
This ticket was mentioned in Slack in #core by wonderboymusic. View the logs.
9 years ago
#13
@
9 years ago
- Milestone changed from Future Release to 4.4
- Type changed from enhancement to defect (bug)
This ticket was mentioned in Slack in #core by mikehansenme. View the logs.
9 years ago
#17
@
5 years ago
- Keywords has-unit-tests added; needs-unit-tests removed
In my attached patch, 32565.4.diff, I applied the fix inside add_meta()
to make things simpler. I also did some refactoring in wp_ajax_add_meta()
to make things more organized.
Diff to output the correct error, but not very elegantly coded