Ignore unauthorized meta keys in meta_form(). fixes #18786.

Built from https://develop.svn.wordpress.org/trunk@25591


git-svn-id: http://core.svn.wordpress.org/trunk@25508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-09-24 01:31:10 +00:00
parent 3db7b4a7a3
commit 9cf6436ff3
2 changed files with 7 additions and 4 deletions

View File

@ -506,7 +506,7 @@ foreach ( $metadata as $key => $value ) {
unset( $metadata[ $key ] );
}
list_meta( $metadata );
meta_form(); ?>
meta_form( $post ); ?>
</div>
<p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
<?php

View File

@ -500,12 +500,15 @@ function _list_meta_row( $entry, &$count ) {
}
/**
* {@internal Missing Short Description}}
* Prints the form in the Custom Fields meta box.
*
* @since 1.2.0
*
* @param WP_Post $post Optional. The post being edited.
*/
function meta_form() {
function meta_form( $post = null ) {
global $wpdb;
$post = get_post( $post );
$limit = (int) apply_filters( 'postmeta_form_limit', 30 );
$keys = $wpdb->get_col( "
SELECT meta_key
@ -535,7 +538,7 @@ function meta_form() {
<?php
foreach ( $keys as $key ) {
if ( is_protected_meta( $key, 'post' ) )
if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) )
continue;
echo "\n<option value='" . esc_attr($key) . "'>" . esc_html($key) . "</option>";
}