[wp-trac] [WordPress Trac] #38293: A connected user can delete a protected post meta
WordPress Trac
noreply at wordpress.org
Mon Oct 31 19:23:18 UTC 2016
#38293: A connected user can delete a protected post meta
---------------------------------------------+-----------------------------
Reporter: ajoah | Owner: johnbillion
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 4.7
Component: Posts, Post Types | Version: 3.3
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests commit | Focuses: administration
---------------------------------------------+-----------------------------
Changes (by johnbillion):
* keywords: has-patch has-unit-tests => has-patch has-unit-tests commit
* milestone: Future Release => 4.7
Comment:
Thanks @peterwilsoncc. [attachment:38293.2.diff] tweaks the test a bit.
The condition doesn't rely on a separate user updating the post -- any
user cannot alter a protected meta field via `edit_post()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38293#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list