[wp-trac] [WordPress Trac] #17850: XMLRPC API Clients can't edit underscore-prefixed custom fields

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 23 17:52:58 UTC 2011


#17850: XMLRPC API Clients can't edit underscore-prefixed custom fields
------------------------------+--------------------
 Reporter:  redsweater        |       Owner:
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  3.1.4
Component:  General           |     Version:  3.1.3
 Severity:  normal            |  Resolution:
 Keywords:  mobile has-patch  |
------------------------------+--------------------

Comment (by xknown):

 The latest two patches seem good. Both have a little typo in
 wp-includes/post-template.php, it should be {{{is_hidden_meta( $key )}}}, and
 not {{{is_hidden_meta( $keyt )}}}. Also the code to protect delete_meta at
 wp_xml_rpc_server may be theoretically bypassed -- one can just send the
 mid of a protected meta with any random meta key.

 Regarding 17850.7.diff, adding an is_callable check would also be good.
 Do you intend to push this for 3.2? I think it should be tested
 extensively.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17850#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
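
The delete_meta bypass raised in the comment above comes from testing the meta key sent in the request rather than the key stored under that meta ID. The following is an added example, not code from the ticket's patches or from WordPress core; it uses a constructed in-memory table and hypothetical function names, and assumes the underscore-prefix rule from the ticket title, to contrast the two checks:

```php
<?php
// Constructed stand-in for the postmeta table: meta_id => stored row.
$postmeta = [
    41 => ['post_id' => 7, 'meta_key' => 'subtitle',   'meta_value' => 'hello'],
    42 => ['post_id' => 7, 'meta_key' => '_edit_lock', 'meta_value' => '1308851578'],
];

// Hypothetical rule (assumption from the ticket title): underscore-prefixed keys are protected.
function is_protected_key(string $key): bool {
    return $key !== '' && $key[0] === '_';
}

// Weak form: the decision rests on the key the client put in the request.
function delete_meta_trusting_request(array &$table, array $field): bool {
    if (is_protected_key($field['key'] ?? '')) {
        return false;
    }
    unset($table[(int) ($field['id'] ?? 0)]);
    return true;
}

// Hardened form: resolve the id to the stored row and test the stored key.
function delete_meta_checking_stored(array &$table, array $field): bool {
    $mid = (int) ($field['id'] ?? 0);
    if (!isset($table[$mid])) {
        return false; // unknown id: nothing to delete
    }
    if (is_protected_key($table[$mid]['meta_key'])) {
        return false; // protected regardless of what the request claims
    }
    unset($table[$mid]);
    return true;
}

// Constructed request: id of the protected row paired with an unrelated key.
$request = ['id' => 42, 'key' => 'anything'];

$weak = $postmeta;
$hard = $postmeta;
printf("weak check deleted:     %s\n", var_export(delete_meta_trusting_request($weak, $request), true));
printf("row 42 left after weak: %s\n", var_export(isset($weak[42]), true));
printf("hardened check deleted: %s\n", var_export(delete_meta_checking_stored($hard, $request), true));
printf("row 42 left after hard: %s\n", var_export(isset($hard[42]), true));
```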

