Editor: do not expose protected post meta fields in block bindings.
Ignores meta keys which are considered protected or not registered to be shown in the REST API. Adds tests. Props santosguillamot, swissspidy, gziolo, xknown, peterwilsoncc. Fixes #60651. Built from https://develop.svn.wordpress.org/trunk@57754 git-svn-id: http://core.svn.wordpress.org/trunk@57255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7013400867
commit
3658bca7fd
|
@ -34,6 +34,19 @@ function _block_bindings_post_meta_get_value( array $source_args, $block_instanc
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the meta field is protected.
|
||||||
|
if ( is_protected_meta( $source_args['key'], 'post' ) ) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the meta field is registered to be shown in REST.
|
||||||
|
$meta_keys = get_registered_meta_keys( 'post', $block_instance->context['postType'] );
|
||||||
|
// Add fields registered for all subtypes.
|
||||||
|
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( 'post', '' ) );
|
||||||
|
if ( empty( $meta_keys[ $source_args['key'] ]['show_in_rest'] ) ) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
return get_post_meta( $post_id, $source_args['key'], true );
|
return get_post_meta( $post_id, $source_args['key'], true );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.5-beta3-57753';
|
$wp_version = '6.5-beta3-57754';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue