Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Actually check if the meta is protected, not just disable all post_meta ... #10

Merged
merged 1 commit into from

3 participants

@kokarn

...for unauthorized users

Thanks to @jwilsson for support on this (and coffee)

@pippinsplugins
Collaborator

Looks good to me.

@rmccue rmccue merged commit eba991d into WP-API:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 23, 2013
  1. @kokarn

    Actually check if the meta is protected, not just disable all post_me…

    kokarn authored
    …ta for unauthorized users
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/class-wp-json-posts.php
View
2  lib/class-wp-json-posts.php
@@ -612,7 +612,7 @@ protected function prepare_meta( $post_id ) {
foreach ( (array) has_meta( $post_id ) as $meta ) {
// Don't expose protected fields.
- if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) )
+ if ( is_protected_meta( $meta['meta_key'] ) )
continue;
$custom_fields[] = array(
Something went wrong with that request. Please try again.