From 7f0bd4bbd63c46d6c094940ca5ed403d17b7820d Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Tue, 9 Jul 2013 02:22:57 +0000
Subject: [PATCH] XML-RPC: For wp.getOptions, set readonly to true for writable options that the user does not have permission to edit. props westi. fixes #20201.
git-svn-id: https://develop.svn.wordpress.org/trunk@24597 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/class-wp-xmlrpc-server.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 0e7507afa4..683ff38cc4 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -3199,6 +3199,7 @@ class wp_xmlrpc_server extends IXR_Server {
 */
 function _getOptions($options) {
 $data = array();
+ $can_manage = current_user_can( 'manage_options' );
 foreach ( $options as $option ) {
 if ( array_key_exists( $option, $this->blog_options ) ) {
 $data[$option] = $this->blog_options[$option];
@@ -3207,6 +3208,9 @@ class wp_xmlrpc_server extends IXR_Server {
 $data[$option]['value'] = get_option( $data[$option]['option'] );
 unset($data[$option]['option']);
 }
+
+ if ( ! $can_manage )
+ $data[$option]['readonly'] = true;
 }
 }
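Review bot: `$can_manage` in the first hunk makes the output of `_getOptions()` depend on whichever user is current when it is called, and nothing in the visible lines records that the caller must have authenticated first. If the helper runs with no user set, the check is presumably false and every option is reported read-only, which fails safe but is surprising to debug. I would add a line above the assignment, `// Evaluated once per call; callers must have set the current user (login) before this runs.`, and mention the dependency in the docblock, which closes just above the hunk. The function body continues past the hunk.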
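Review bot: The `readonly` flag set at the end of the second hunk is only metadata in the wp.getOptions response; it does not itself stop a user without `manage_options` from writing, so the write path (presumably `wp_setOptions`, not visible in this diff) has to enforce the same capability server-side. The option's `value` is still returned to such users, which is acceptable only if every entry in `$this->blog_options` is safe to disclose to any caller that reaches `_getOptions()`. I would add a comment saying so, e.g. `// Advisory only: write access is enforced by the setter, not by this flag.`, and brace the `if` so a later second statement cannot slip outside the condition: `if ( ! $can_manage ) { $data[$option]['readonly'] = true; }`. The body of `_getOptions()` continues past the hunk.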