From b578f36b54c2ac9fe2b22e3ff89c343317311a53 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Tue, 9 Jul 2013 02:22:57 +0000
Subject: [PATCH] XML-RPC: For wp.getOptions, set readonly to true for writable
 options that the user does not have permission to edit.

props westi.
fixes #20201.



git-svn-id: http://core.svn.wordpress.org/trunk@24597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 0e7507afa4..683ff38cc4 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -3199,6 +3199,7 @@ class wp_xmlrpc_server extends IXR_Server {
 	 */
 	function _getOptions($options) {
 		$data = array();
+		$can_manage = current_user_can( 'manage_options' );
 		foreach ( $options as $option ) {
 			if ( array_key_exists( $option, $this->blog_options ) ) {
 				$data[$option] = $this->blog_options[$option];
@@ -3207,6 +3208,9 @@ class wp_xmlrpc_server extends IXR_Server {
 					$data[$option]['value'] = get_option( $data[$option]['option'] );
 					unset($data[$option]['option']);
 				}
+
+				if ( ! $can_manage )
+					$data[$option]['readonly'] = true;
 			}
 		}