From brad8711 at gmail.com Sun Dec 23 22:41:02 2012 From: brad8711 at gmail.com (Bradly Swart) Date: Mon, 24 Dec 2012 09:41:02 +1100 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby Message-ID: Hi List, I've been putting around the net over the past few days figuring out how to get xmlrpc working with ruby. I'm trying to do some programmatic insertion of products into a WooCommerce site. Running the latest version of Wordpress. I've read some stuff on add_post_meta() but hasnt helped. I've managed to get the posting working, as well as custom fields, the problem has come in with hidden fields. In the snippet bellow product_url works fine, _sku doesn't snippet as part of the post content: ------------------------------------------------------------------------------------------------------------------------- 'custom_fields' => [{'key' => 'product_url', 'value' => ' http://mysite.com?rsid=9999'}, {'key' => "_sku", 'value' => '9999'}] ------------------------------------------------------------------------------------------------------------------------- XMLRPC Call: ------------------------------------------------------------------------------------------------------------------------- post_id = connection.call( 'metaWeblog.newPost', 1, 'user', 'password', post, true ) ------------------------------------------------------------------------------------------------------------------------- Hoping someone can help me out. Bradly Swart Mobile: +61447068962 Skype: bradly.swart Twitter: @brad8711 linkedIn: http://za.linkedin.com/in/bradlyswart -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailing at markoheijnen.nl Sun Dec 23 22:54:49 2012 From: mailing at markoheijnen.nl (Marko Heijnen) Date: Sun, 23 Dec 2012 23:54:49 +0100 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: References: Message-ID: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> Hey Bradly, You can't modify hidden fields trough the XMLRPC. Since it is considered protected. You can however whitelist those fields by using register_meta(). I never used it myself and there isn't a codex page for, so you do need to look in the core for how it works. Some information can be found on trac: http://core.trac.wordpress.org/ticket/19919 Marko Op 23 dec. 2012, om 23:41 heeft Bradly Swart het volgende geschreven: > Hi List, > > I've been putting around the net over the past few days figuring out how to get xmlrpc working with ruby. I'm trying to do some programmatic insertion of products into a WooCommerce site. Running the latest version of Wordpress. I've read some stuff on add_post_meta() but hasnt helped. > > I've managed to get the posting working, as well as custom fields, the problem has come in with hidden fields. In the snippet bellow product_url works fine, _sku doesn't > > snippet as part of the post content: > ------------------------------------------------------------------------------------------------------------------------- > 'custom_fields' => [{'key' => 'product_url', 'value' => 'http://mysite.com?rsid=9999'}, > {'key' => "_sku", 'value' => '9999'}] > ------------------------------------------------------------------------------------------------------------------------- > > XMLRPC Call: > ------------------------------------------------------------------------------------------------------------------------- > post_id = connection.call( > 'metaWeblog.newPost', > 1, > 'user', > 'password', > post, > true > ) > ------------------------------------------------------------------------------------------------------------------------- > > Hoping someone can help me out. > > Bradly Swart > > Mobile: +61447068962 > Skype: bradly.swart > Twitter: @brad8711 > linkedIn: http://za.linkedin.com/in/bradlyswart > _______________________________________________ > wp-xmlrpc mailing list > wp-xmlrpc at lists.automattic.com > http://lists.automattic.com/mailman/listinfo/wp-xmlrpc -------------- next part -------------- An HTML attachment was scrubbed... URL: From wp at andrewnacin.com Sun Dec 23 22:58:37 2012 From: wp at andrewnacin.com (Andrew Nacin) Date: Sun, 23 Dec 2012 17:58:37 -0500 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> Message-ID: On Sun, Dec 23, 2012 at 5:54 PM, Marko Heijnen wrote: > Hey Bradly, > > You can't modify hidden fields trough the XMLRPC. Since it is considered > protected. You can however whitelist those fields by using register_meta(). > I never used it myself and there isn't a codex page for, so you do need to > look in the core for how it works. Some information can be found on trac: > http://core.trac.wordpress.org/ticket/19919 > Rather, you can modify any fields that are not considered "protected". The default rule for this is whether it starts with an underscore. You can adjust this by, as Marko says, using register_meta() with an auth_callback, or by simply using the is_protected_meta filter. Nacin -------------- next part -------------- An HTML attachment was scrubbed... URL: From brad8711 at gmail.com Sun Dec 23 22:59:18 2012 From: brad8711 at gmail.com (Bradly Swart) Date: Mon, 24 Dec 2012 09:59:18 +1100 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> Message-ID: Yea, I had a look at that, I couldn't figure out how to call it from a Ruby xmlrpc call though :/ Bradly Swart Mobile: +61447068962 Skype: bradly.swart Twitter: @brad8711 linkedIn: http://za.linkedin.com/in/bradlyswart On Mon, Dec 24, 2012 at 9:54 AM, Marko Heijnen wrote: > Hey Bradly, > > You can't modify hidden fields trough the XMLRPC. Since it is considered > protected. You can however whitelist those fields by using register_meta(). > I never used it myself and there isn't a codex page for, so you do need to > look in the core for how it works. Some information can be found on trac: > http://core.trac.wordpress.org/ticket/19919 > > Marko > > Op 23 dec. 2012, om 23:41 heeft Bradly Swart het > volgende geschreven: > > Hi List, > > I've been putting around the net over the past few days figuring out how > to get xmlrpc working with ruby. I'm trying to do > some programmatic insertion of products into a WooCommerce site. Running > the latest version of Wordpress. I've read some stuff on add_post_meta() > but hasnt helped. > > I've managed to get the posting working, as well as custom fields, the > problem has come in with hidden fields. In the snippet bellow product_url > works fine, _sku doesn't > > snippet as part of the post content: > > ------------------------------------------------------------------------------------------------------------------------- > 'custom_fields' => [{'key' => 'product_url', 'value' => ' > http://mysite.com?rsid=9999' }, > {'key' => "_sku", 'value' => '9999'}] > > ------------------------------------------------------------------------------------------------------------------------- > > XMLRPC Call: > > ------------------------------------------------------------------------------------------------------------------------- > post_id = connection.call( > 'metaWeblog.newPost', > 1, > 'user', > 'password', > post, > true > ) > > ------------------------------------------------------------------------------------------------------------------------- > > Hoping someone can help me out. > > Bradly Swart > > Mobile: +61447068962 > Skype: bradly.swart > Twitter: @brad8711 > linkedIn: http://za.linkedin.com/in/bradlyswart > _______________________________________________ > wp-xmlrpc mailing list > wp-xmlrpc at lists.automattic.com > http://lists.automattic.com/mailman/listinfo/wp-xmlrpc > > > > _______________________________________________ > wp-xmlrpc mailing list > wp-xmlrpc at lists.automattic.com > http://lists.automattic.com/mailman/listinfo/wp-xmlrpc > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wp at andrewnacin.com Sun Dec 23 23:01:08 2012 From: wp at andrewnacin.com (Andrew Nacin) Date: Sun, 23 Dec 2012 18:01:08 -0500 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> Message-ID: On Sun, Dec 23, 2012 at 5:59 PM, Bradly Swart wrote: > Yea, I had a look at that, I couldn't figure out how to call it from a > Ruby xmlrpc call though :/ > Right, you won't be able to. The point of protecting underscored meta values was to prevent privilege escalation via XML-RPC ? basically, prevent users from editing keys that they wouldn't be able to edit through the admin. -------------- next part -------------- An HTML attachment was scrubbed... URL: From brad8711 at gmail.com Sun Dec 23 23:03:21 2012 From: brad8711 at gmail.com (Bradly Swart) Date: Mon, 24 Dec 2012 10:03:21 +1100 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl> Message-ID: Well, that being said I'm kind of at the point of just writing to the table manually through MySQL connection. @Andrew, how can I add that filter to a xmlrpc request ? Bradly Swart Mobile: +61447068962 Skype: bradly.swart Twitter: @brad8711 linkedIn: http://za.linkedin.com/in/bradlyswart On Mon, Dec 24, 2012 at 10:01 AM, Andrew Nacin wrote: > On Sun, Dec 23, 2012 at 5:59 PM, Bradly Swart wrote: > >> Yea, I had a look at that, I couldn't figure out how to call it from a >> Ruby xmlrpc call though :/ >> > > Right, you won't be able to. The point of protecting underscored meta > values was to prevent privilege escalation via XML-RPC ? basically, prevent > users from editing keys that they wouldn't be able to edit through the > admin. > > _______________________________________________ > wp-xmlrpc mailing list > wp-xmlrpc at lists.automattic.com > http://lists.automattic.com/mailman/listinfo/wp-xmlrpc > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wp at andrewnacin.com Sun Dec 23 23:08:28 2012 From: wp at andrewnacin.com (Andrew Nacin) Date: Sun, 23 Dec 2012 18:08:28 -0500 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl>

Message-ID: On Sun, Dec 23, 2012 at 6:03 PM, Bradly Swart wrote: > Well, that being said I'm kind of at the point of just writing to the > table manually through MySQL connection. > > @Andrew, how can I add that filter to a xmlrpc request ? > You can't. The whole point is to prevent an XML-RPC client from modify content that a user may not be allowed to modify. You can, however, just add a plugin. It'd be a very short plugin: add_filter( 'is_protected_meta', function( $protected, $meta_key, $meta_type ) { if ( 'post' == $meta_type && '_some_key' == $meta_key ) return false; return $protected; }, 10, 3 ); -------------- next part -------------- An HTML attachment was scrubbed... URL: From brad8711 at gmail.com Sun Dec 23 23:20:03 2012 From: brad8711 at gmail.com (Bradly Swart) Date: Mon, 24 Dec 2012 10:20:03 +1100 Subject: [wp-xmlrpc] Hidden Custom Fields - Ruby In-Reply-To: References: <40E81CE1-CAD9-4DBA-B0FA-58B34449FF99@markoheijnen.nl>

Message-ID: Right, looks like I have some work ahead of me :) Thanks for the pointers guys :) Bradly Swart Mobile: +61447068962 Skype: bradly.swart Twitter: @brad8711 linkedIn: http://za.linkedin.com/in/bradlyswart On Mon, Dec 24, 2012 at 10:08 AM, Andrew Nacin wrote: > On Sun, Dec 23, 2012 at 6:03 PM, Bradly Swart wrote: > >> Well, that being said I'm kind of at the point of just writing to the >> table manually through MySQL connection. >> >> @Andrew, how can I add that filter to a xmlrpc request ? >> > > You can't. The whole point is to prevent an XML-RPC client from modify > content that a user may not be allowed to modify. > > You can, however, just add a plugin. It'd be a very short plugin: > > add_filter( 'is_protected_meta', function( $protected, $meta_key, > $meta_type ) { > if ( 'post' == $meta_type && '_some_key' == $meta_key ) > return false; > return $protected; > }, 10, 3 ); > > _______________________________________________ > wp-xmlrpc mailing list > wp-xmlrpc at lists.automattic.com > http://lists.automattic.com/mailman/listinfo/wp-xmlrpc > > -------------- next part -------------- An HTML attachment was scrubbed... URL: