[wp-trac] [WordPress Trac] #17850: XMLRPC API Clients can't edit underscore-prefixed custom fields
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 23 00:02:37 UTC 2011
#17850: XMLRPC API Clients can't edit underscore-prefixed custom fields
------------------------------+--------------------
Reporter: redsweater | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.1.4
Component: General | Version: 3.1.3
Severity: normal | Resolution:
Keywords: mobile has-patch |
------------------------------+--------------------
Comment (by ryan):
This stuff is a mess. Editing through either XML-RPC or the post custom
meta box is fraught with peril. I think we need to leave all underscore
prefixed meta items as protected from XML-RPC and the custom meta box.
Plugins really need to register a sanitizer to make these safe to edit.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17850#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list