[wp-trac] [WordPress Trac] #25146: XMLRPC wp.editPost doesn't use update_post_meta
WordPress Trac
noreply at wordpress.org
Mon Aug 26 13:00:16 UTC 2013
#25146: XMLRPC wp.editPost doesn't use update_post_meta
--------------------------+-----------------------------
Reporter: jmaimarc | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 3.6
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
file: wp-includes/class-wp-xmlrpc-server.php
line 287:
Currently, the code is:
{{{
add_post_meta( $post_id, $meta['key'], $meta['value'] );
}}}
Since it doesn't know if the key is unique I think the code should be:
{{{
update_post_meta( $post_id, $meta['key'], $meta['value'] );
}}}
so it checks for an existing meta_key for the post.
FWIW, I tested it locally and it works.
I also wasn't sure about the current_user_can capabilities, so I made the
check:
{{{
current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ||
current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) )
}}}
which might be overkill; I didn't see documentation on those capabilities.
The wp_unslash is inconsistent, but I just copied from an earlier if
statement.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25146>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list