[wp-hackers] Error: Are you sureyou want to do this?

Dion Hulse (dd32) wordpress at dd32.id.au
Sat Apr 30 01:45:10 UTC 2011


What he said!, And remember to check the capability upon processing the save
as well. A user might generate the fields themselves in order to maliciously
attack the site. :)

On 30 April 2011 01:01, Jeremy Clarke <jer at simianuprising.com> wrote:

> On Thu, Apr 28, 2011 at 4:57 PM, Leo Baiano <ljunior2005 at gmail.com> wrote:
>
> > How do I register for a just Metabox certain level of user? I'm using a
> > custom class to generate the goal box Metabox and do not know which
> > parameter set the user levelwould have access to this box.
> >
> >
>
> There is no support for capability filtering with the add_meta_box()
> function.
>
> I'm pretty sure that just not registering the metabox when the logged-in
> user shouldn't have access will work decently. In whatever function you are
> using to register the metabox add a current_user_can('CAP_TO_CHECK') and if
> it is false exit the function before doing the metabox registration.
>
> --
> Jeremy Clarke
> Code and Design • globalvoicesonline.org
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list