]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/admin-ajax.php
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Wordpress 3.1.3
[autoinstalls/wordpress.git] / wp-admin / admin-ajax.php
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index d2a8d4d20cd7291adbcd015fadb075f4587d2911..a7e0b48dd0ba100529d901b299c82f0d32e94670 100644 (file)
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -396,7 +396,7 @@ case 'delete-meta' :
        if ( !$meta = get_post_meta_by_id( $id ) )
                die('1');
 
-       if ( !current_user_can( 'edit_post', $meta->post_id ) )
+       if ( !current_user_can( 'edit_post', $meta->post_id ) || is_protected_meta( $meta->meta_key ) )
                die('-1');
        if ( delete_meta( $meta->meta_id ) )
                die('1');
@@ -855,6 +855,8 @@ case 'add-meta' :
                        die('0'); // if meta doesn't exist
                if ( !current_user_can( 'edit_post', $meta->post_id ) )
                        die('-1');
+               if ( is_protected_meta( $meta->meta_key ) )
+                       die('-1');
                if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
                        if ( !$u = update_meta( $mid, $key, $value ) )
                                die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
WordPress autoinstaller for phpBB