sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

XML-RPC: For wp.getOptions, set readonly to true for writable options that the user does not have permission to edit.

Browse Source 
props westi.
fixes #20201.



git-svn-id: https://develop.svn.wordpress.org/trunk@24597 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-07-09 02:22:57 +00:00
parent f1bf096eab
commit 7f0bd4bbd6
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/class-wp-xmlrpc-server.php
View File

@ -3199,6 +3199,7 @@ class wp_xmlrpc_server extends IXR_Server {
*/ */
function _getOptions($options) { function _getOptions($options) {
$data = array(); $data = array();
$can_manage = current_user_can( 'manage_options' );
foreach ( $options as $option ) { foreach ( $options as $option ) {
if ( array_key_exists( $option, $this->blog_options ) ) { if ( array_key_exists( $option, $this->blog_options ) ) {
$data[$option] = $this->blog_options[$option]; $data[$option] = $this->blog_options[$option];
@ -3207,6 +3208,9 @@ class wp_xmlrpc_server extends IXR_Server {
$data[$option]['value'] = get_option( $data[$option]['option'] ); $data[$option]['value'] = get_option( $data[$option]['option'] );
unset($data[$option]['option']); unset($data[$option]['option']);
} }
if ( ! $can_manage )
$data[$option]['readonly'] = true;
} }
} }