Changeset 6497

Timestamp:

12/26/07 19:51:01 (7 months ago)

Author:

ryan

Message:

Limit post_password exposure. Props josephscott for the patch and xknown for the find. fixes #5535 for 2.3

Files:

• branches/2.3/xmlrpc.php (modified) (1 diff)

branches/2.3/xmlrpc.php

@@ -1425 +1425 @@
-        }
-
+        $this_user = set_current_user( 0, $user_login );
+
-        foreach ($posts_list as $entry) {
+            if ( 
+                !empty( $entry['post_password'] ) 
+                && !current_user_can( 'edit_post', $entry['ID'] )
+            ) {
+                unset( $entry['post_password'] );
+            }
-
-            $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);