is_protected_meta example


function wp_ajax_delete_meta() {
    $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

    check_ajax_referer( "delete-meta_$id);
    $meta = get_metadata_by_mid( 'post', $id );

    if ( ! $meta ) {
        wp_die( 1 );
    }

    if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) {
        wp_die( -1 );
    }

    if ( delete_meta( $meta->meta_id ) ) {
        wp_die( 1 );
    }

    wp_die( 0 );
}

/** * Handles deleting a post via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */
    if ( isset( $post_data['meta'] ) && $post_data['meta'] ) {
        foreach ( $post_data['meta'] as $key => $value ) {
            $meta = get_post_meta_by_id( $key );
            if ( ! $meta ) {
                continue;
            }

            if ( $meta->post_id != $post_id ) {
                continue;
            }

            if ( is_protected_meta( $meta->meta_key, 'post' )
                || ! current_user_can( 'edit_post_meta', $post_id$meta->meta_key )
            ) {
                continue;
            }

            if ( is_protected_meta( $value['key'], 'post' )
                || ! current_user_can( 'edit_post_meta', $post_id$value['key'] )
            ) {
                continue;
            }

            
if ( empty( $object_subtype ) ) {
                $caps[] = 'do_not_allow';
                break;
            }

            $caps = map_meta_cap( "edit_{$object_type}", $user_id$object_id );

            $meta_key = isset( $args[1] ) ? $args[1] : false;

            if ( $meta_key ) {
                $allowed = ! is_protected_meta( $meta_key$object_type );

                if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}) ) {

                    /** * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. * * The dynamic portions of the hook name, `$object_type`, `$meta_key`, * and `$object_subtype`, refer to the metadata object type (comment, post, term or user), * the meta key value, and the object subtype respectively. * * @since 4.9.8 * * @param bool $allowed Whether the user can add the object meta. Default false. * @param string $meta_key The meta key. * @param int $object_id Object ID. * @param int $user_id User ID. * @param string $cap Capability name. * @param string[] $caps Array of the user's capabilities. */

function _list_meta_row( $entry, &$count ) {
    static $update_nonce = '';

    if ( is_protected_meta( $entry['meta_key'], 'post' ) ) {
        return '';
    }

    if ( ! $update_nonce ) {
        $update_nonce = wp_create_nonce( 'add-meta' );
    }

    $r = '';
    ++$count;

    if ( is_serialized( $entry['meta_value'] ) ) {
        

function the_meta() {
    _deprecated_function( __FUNCTION__, '6.0.2', 'get_post_meta()' );
    $keys = get_post_custom_keys();
    if ( $keys ) {
        $li_html = '';
        foreach ( (array) $keys as $key ) {
            $keyt = trim( $key );
            if ( is_protected_meta( $keyt, 'post' ) ) {
                continue;
            }

            $values = array_map( 'trim', get_post_custom_values( $key ) );
            $value  = implode( ', ', $values );

            $html = sprintf(
                "<li><span class='post-meta-key'>%s</span> %s</li>\n",
                /* translators: %s: Post custom field name. */
                esc_html( sprintf( _x( '%s:', 'Post custom field name' )$key ) ),
                esc_html( $value )
            );

function post_custom_meta_box( $post ) {
    ?> <div id="postcustomstuff"> <div id="ajax-response"></div> <?php     $metadata = has_meta( $post->ID );
    foreach ( $metadata as $key => $value ) {
        if ( is_protected_meta( $metadata[ $key ]['meta_key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post->ID, $metadata[ $key ]['meta_key'] ) ) {
            unset( $metadata[ $key ] );
        }
    }
    list_meta( $metadata );
    meta_form( $post );
    ?> </div> <p> <?php     printf(
        /* translators: %s: Documentation URL. */
        
if ( ! is_array( $args['show_in_rest'] ) || ! isset( $args['show_in_rest']['schema']['items'] ) ) {
            _doing_it_wrong( __FUNCTION__, __( 'When registering an "array" meta type to show in the REST API, you must specify the schema for each array item in "show_in_rest.schema.items".' ), '5.3.0' );

            return false;
        }
    }

    $object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : '';

    // If `auth_callback` is not provided, fall back to `is_protected_meta()`.     if ( empty( $args['auth_callback'] ) ) {
        if ( is_protected_meta( $meta_key$object_type ) ) {
            $args['auth_callback'] = '__return_false';
        } else {
            $args['auth_callback'] = '__return_true';
        }
    }

    // Back-compat: old sanitize and auth callbacks are applied to all of an object type.     if ( is_callable( $args['sanitize_callback'] ) ) {
        if ( ! empty( $object_subtype ) ) {
            add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 );
        } else {
            
Home | Imprint | This part of the site doesn't use cookies.