Changeset 6496

Show
Ignore:
Timestamp:
12/26/07 19:50:26 (6 months ago)
Author:
ryan
Message:

Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.4

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/xmlrpc.php

    r6474 r6496  
    15361536        } 
    15371537 
     1538        $this_user = set_current_user( 0, $user_login ); 
     1539 
    15381540        foreach ($posts_list as $entry) { 
     1541            if (  
     1542                !empty( $entry['post_password'] )  
     1543                && !current_user_can( 'edit_post', $entry['ID'] ) 
     1544            ) { 
     1545                unset( $entry['post_password'] ); 
     1546            } 
    15391547 
    15401548            $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);