[wp-trac] [WordPress Trac] #17850: XMLRPC API Clients can't edit underscore-prefixed custom fields
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 23 17:52:58 UTC 2011
#17850: XMLRPC API Clients can't edit underscore-prefixed custom fields
------------------------------+--------------------
Reporter: redsweater | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.1.4
Component: General | Version: 3.1.3
Severity: normal | Resolution:
Keywords: mobile has-patch |
------------------------------+--------------------
Comment (by xknown):
The latest two patches seem good. Both have a little type in wp-includes
/post-template.php, it should be {{{is_hidden_meta( $key )}}}, an not
{{{is_hidden_meta( $keyt )}}}. Also the code to protect delete_meta at
wp_xml_rpc_server may be theoretically bypassed -- one can just send the
mid of a protected meta with any random meta key.
Regarding 17850.7.diff, adding a is_callable check would also be good.
Will you intend to push this for 3.2? I think it should be tested
extensively.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17850#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list