CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
is_protected_meta example
function wp_ajax_delete_meta() {
$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
check_ajax_referer( "delete-meta_$id" );
$meta = get_metadata_by_mid( 'post', $id );
if ( ! $meta ) {
wp_die( 1 );
}
if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) {
wp_die( -1 );
}
if ( delete_meta( $meta->meta_id ) ) {
wp_die( 1 );
}
wp_die( 0 );
}
/** * Handles deleting a post via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */
if ( isset( $post_data['meta'] ) && $post_data['meta'] ) {
foreach ( $post_data['meta'] as $key => $value ) {
$meta = get_post_meta_by_id( $key );
if ( ! $meta ) {
continue;
}
if ( $meta->post_id != $post_id ) {
continue;
}
if ( is_protected_meta( $meta->meta_key, 'post' )
|| ! current_user_can( 'edit_post_meta', $post_id, $meta->meta_key )
) {
continue;
}
if ( is_protected_meta( $value['key'], 'post' )
|| ! current_user_can( 'edit_post_meta', $post_id, $value['key'] )
) {
continue;
}
foreach ( $post_data['meta'] as $key => $value ) {
$meta = get_post_meta_by_id( $key );
if ( ! $meta ) {
continue;
}
if ( $meta->post_id != $post_id ) {
continue;
}
if ( is_protected_meta( $meta->meta_key, 'post' )
|| ! current_user_can( 'edit_post_meta', $post_id, $meta->meta_key )
) {
continue;
}
if ( is_protected_meta( $value['key'], 'post' )
|| ! current_user_can( 'edit_post_meta', $post_id, $value['key'] )
) {
continue;
}
if ( empty( $object_subtype ) ) {
$caps[] = 'do_not_allow';
break;
}
$caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );
$meta_key = isset( $args[1] ) ? $args[1] : false;
if ( $meta_key ) {
$allowed = ! is_protected_meta( $meta_key, $object_type );
if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
/** * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. * * The dynamic portions of the hook name, `$object_type`, `$meta_key`, * and `$object_subtype`, refer to the metadata object type (comment, post, term or user), * the meta key value, and the object subtype respectively. * * @since 4.9.8 * * @param bool $allowed Whether the user can add the object meta. Default false. * @param string $meta_key The meta key. * @param int $object_id Object ID. * @param int $user_id User ID. * @param string $cap Capability name. * @param string[] $caps Array of the user's capabilities. */
$caps[] = 'do_not_allow';
break;
}
$caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );
$meta_key = isset( $args[1] ) ? $args[1] : false;
if ( $meta_key ) {
$allowed = ! is_protected_meta( $meta_key, $object_type );
if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
/** * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. * * The dynamic portions of the hook name, `$object_type`, `$meta_key`, * and `$object_subtype`, refer to the metadata object type (comment, post, term or user), * the meta key value, and the object subtype respectively. * * @since 4.9.8 * * @param bool $allowed Whether the user can add the object meta. Default false. * @param string $meta_key The meta key. * @param int $object_id Object ID. * @param int $user_id User ID. * @param string $cap Capability name. * @param string[] $caps Array of the user's capabilities. */
function _list_meta_row( $entry, &$count ) {
static $update_nonce = '';
if ( is_protected_meta( $entry['meta_key'], 'post' ) ) {
return '';
}
if ( ! $update_nonce ) {
$update_nonce = wp_create_nonce( 'add-meta' );
}
$r = '';
++$count;
if ( is_serialized( $entry['meta_value'] ) ) {
function the_meta() {
_deprecated_function( __FUNCTION__, '6.0.2', 'get_post_meta()' );
$keys = get_post_custom_keys();
if ( $keys ) {
$li_html = '';
foreach ( (array) $keys as $key ) {
$keyt = trim( $key );
if ( is_protected_meta( $keyt, 'post' ) ) {
continue;
}
$values = array_map( 'trim', get_post_custom_values( $key ) );
$value = implode( ', ', $values );
$html = sprintf(
"<li><span class='post-meta-key'>%s</span> %s</li>\n",
/* translators: %s: Post custom field name. */
esc_html( sprintf( _x( '%s:', 'Post custom field name' ), $key ) ),
esc_html( $value )
);
function post_custom_meta_box( $post ) {
?> <div id="postcustomstuff"> <div id="ajax-response"></div> <?php $metadata = has_meta( $post->ID );
foreach ( $metadata as $key => $value ) {
if ( is_protected_meta( $metadata[ $key ]['meta_key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post->ID, $metadata[ $key ]['meta_key'] ) ) {
unset( $metadata[ $key ] );
}
}
list_meta( $metadata );
meta_form( $post );
?> </div> <p> <?php printf(
/* translators: %s: Documentation URL. */
if ( ! is_array( $args['show_in_rest'] ) || ! isset( $args['show_in_rest']['schema']['items'] ) ) {
_doing_it_wrong( __FUNCTION__, __( 'When registering an "array" meta type to show in the REST API, you must specify the schema for each array item in "show_in_rest.schema.items".' ), '5.3.0' );
return false;
}
}
$object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : '';
// If `auth_callback` is not provided, fall back to `is_protected_meta()`. if ( empty( $args['auth_callback'] ) ) {
if ( is_protected_meta( $meta_key, $object_type ) ) {
$args['auth_callback'] = '__return_false';
} else {
$args['auth_callback'] = '__return_true';
}
}
// Back-compat: old sanitize and auth callbacks are applied to all of an object type. if ( is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 );
} else {
_doing_it_wrong( __FUNCTION__, __( 'When registering an "array" meta type to show in the REST API, you must specify the schema for each array item in "show_in_rest.schema.items".' ), '5.3.0' );
return false;
}
}
$object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : '';
// If `auth_callback` is not provided, fall back to `is_protected_meta()`. if ( empty( $args['auth_callback'] ) ) {
if ( is_protected_meta( $meta_key, $object_type ) ) {
$args['auth_callback'] = '__return_false';
} else {
$args['auth_callback'] = '__return_true';
}
}
// Back-compat: old sanitize and auth callbacks are applied to all of an object type. if ( is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 );
} else {