WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ignore unauthorized meta keys in meta_form(). fixes #18786. 

Built from https://develop.svn.wordpress.org/trunk@25591


git-svn-id: http://core.svn.wordpress.org/trunk@25508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-09-24 01:31:10 +00:00
parent 3db7b4a7a3
commit 9cf6436ff3
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/meta-boxes.php
View File

@ -506,7 +506,7 @@ foreach ( $metadata as $key => $value ) {
unset( $metadata[ $key ] ); unset( $metadata[ $key ] );
} }
list_meta( $metadata ); list_meta( $metadata );
meta_form(); ?> meta_form( $post ); ?>
</div> </div>
<p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p> <p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
<?php <?php

9
wp-admin/includes/template.php
View File

@ -500,12 +500,15 @@ function _list_meta_row( $entry, &$count ) {
} }
/** /**
* {@internal Missing Short Description}} * Prints the form in the Custom Fields meta box.
* *
* @since 1.2.0 * @since 1.2.0
*
* @param WP_Post $post Optional. The post being edited.
*/ */
function meta_form() { function meta_form( $post = null ) {
global $wpdb; global $wpdb;
$post = get_post( $post );
$limit = (int) apply_filters( 'postmeta_form_limit', 30 ); $limit = (int) apply_filters( 'postmeta_form_limit', 30 );
$keys = $wpdb->get_col( " $keys = $wpdb->get_col( "
SELECT meta_key SELECT meta_key
@ -535,7 +538,7 @@ function meta_form() {
<?php <?php
foreach ( $keys as $key ) { foreach ( $keys as $key ) {
if ( is_protected_meta( $key, 'post' ) ) if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) )
continue; continue;
echo "\n<option value='" . esc_attr($key) . "'>" . esc_html($key) . "</option>"; echo "\n<option value='" . esc_attr($key) . "'>" . esc_html($key) . "</option>";
} }