[wp-trac] [WordPress Trac] #25189: Meta keys a user can't edit shouldn't be displayed in the Custom Fields meta box
WordPress Trac
noreply at wordpress.org
Fri Aug 30 07:30:08 UTC 2013
#25189: Meta keys a user can't edit shouldn't be displayed in the Custom Fields
meta box
----------------------------+-----------------------------
Reporter: trepmal | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Keywords: has-patch
----------------------------+-----------------------------
So you've registered your meta like this
{{{
register_meta( 'post', 'my_registered_meta', 'my_sanitize_callback',
'__return_false' );
}}}
`__return_false` is ultimately passed to a cap check to make the user not
allowed to edit the meta.
The caps are correctly checked when listing the key/value pairs in the
meta box, but the key is still listed in the key-picker <select> menu
(assuming the key exists because your plugin created it) and attempts to
add meta with that key from the Custom Fields box fail with an error.
Here's my attempt to diagram the issue: [[Image(http://cl.ly/R70L/custom-
meta.png)]]
And here's code to demo the issue:
[https://gist.github.com/trepmal/28653a84b6a14ac7db94]
The patch simply adds a `current_user_can` check
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25189>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list