WordPress/wp-admin
John Blackbourn babd79fb36 Posts, Post Types: Prevent users from being able to delete a protected meta field from a post.
Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.

Props ajoah, johnbillion, peterwilsoncc
Fixes #38293

Built from https://develop.svn.wordpress.org/trunk@39062


git-svn-id: http://core.svn.wordpress.org/trunk@39004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 19:30:32 +00:00
..
css Accessibility: Remove inappropriate content from the Posts and Edit screens headings. 2016-10-27 20:39:39 +00:00
images Customize: Add a RTL version of "browser.png" for the site icon preview. 2016-07-05 11:32:29 +00:00
includes Posts, Post Types: Prevent users from being able to delete a protected meta field from a post. 2016-10-31 19:30:32 +00:00
js Customize: Reveal controls pane when clicking on edit shortcuts in mobile preview. 2016-10-30 04:23:44 +00:00
maint I18N: Make the translator comment added in [37858] more explicit and consistent with other similar instances. 2016-07-04 13:10:30 +00:00
network Administration: Switch to handle_network_bulk_actions-{$screen} for the bulk listing screen actions in the network admin area. 2016-10-26 14:37:29 +00:00
user Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
about.php About Page: Use get_user_language() for the video subtitles. 2016-10-26 12:11:43 +00:00
admin-ajax.php TinyMCE, inline link: 2016-07-26 23:24:28 +00:00
admin-footer.php Hooks: Standardize naming of dynamic hooks to use interpolation vs concatenation. 2016-08-22 18:25:31 +00:00
admin-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
admin-header.php Multisite: Use get_network() and get_current_network_id() for current network data. 2016-10-19 04:47:30 +00:00
admin-post.php
admin.php Hooks: Standardize naming of dynamic hooks to use interpolation vs concatenation. 2016-08-22 18:25:31 +00:00
async-upload.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
comment.php Accessibility: Remove target=_blank from the comment/edit-comments help tabs links. 2016-10-04 06:54:30 +00:00
credits.php General: use get_bloginfo( 'version' ) instead of global $wp_version in several locations - excluding those locations which reload version.php mid-flight. 2016-08-31 05:49:37 +00:00
custom-background.php Customize: Improve custom background properties UI. 2016-10-26 06:52:29 +00:00
custom-header.php Accessibility: Remove target=_blank from the old custom background/header help tabs links. 2016-10-04 06:57:30 +00:00
customize.php Customize: Add edit shortcuts in customizer preview to visually expose editable elements and focus on the corresponding controls when clicked. 2016-10-26 20:03:32 +00:00
edit-comments.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
edit-form-advanced.php Accessibility: Remove inappropriate content from the Posts and Edit screens headings. 2016-10-27 20:39:39 +00:00
edit-form-comment.php Accessibility: Standardize the remove/delete/cancel links in the Menus screen and Publish meta boxes. 2016-09-17 15:39:30 +00:00
edit-link-form.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
edit-tag-form.php Taxonomy: On wp-admin/term.php, don't show a 'Back to' link which links to the current page. 2016-10-07 20:13:28 +00:00
edit-tags.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
edit.php Accessibility: Remove inappropriate content from the Posts and Edit screens headings. 2016-10-27 20:39:39 +00:00
export.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
freedoms.php General: use get_bloginfo( 'version' ) instead of global $wp_version in several locations - excluding those locations which reload version.php mid-flight. 2016-08-31 05:49:37 +00:00
import.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
index.php Drop the requirement for the entry points to WordPress to be parsable by PHP4. 2016-10-25 03:15:30 +00:00
install-helper.php
install.php Administration: Improve the usage of the button CSS classes. 2016-09-28 19:54:28 +00:00
link-add.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
link-manager.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
link-parse-opml.php General: Check to see that the PHP-XML module is enabled before using XML functions. 2016-10-24 04:45:31 +00:00
link.php Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide. 2016-07-10 00:51:30 +00:00
load-scripts.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
load-styles.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
media-new.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
media-upload.php Hooks: Standardize naming of dynamic hooks to use interpolation vs concatenation. 2016-08-22 18:25:31 +00:00
media.php Accessibility: Remove target=_blank from the help tab links on several admin screens. 2016-10-04 20:27:33 +00:00
menu-header.php Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP. 2016-05-22 18:01:30 +00:00
menu.php Upgrade/Install: Refresh update counts after page load. 2016-10-19 10:27:29 +00:00
moderation.php
ms-admin.php
ms-delete-site.php I18N: Introduce a locale-switching function. 2016-10-26 15:36:31 +00:00
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php Multisite: Replace get_blog_details() in wp-admin/my-sites.php with get_site(). 2016-10-19 06:02:29 +00:00
nav-menus.php Nav Menus: Update help text to include the two latest default themes, Twenty Sixteen and Twenty Seventeen. 2016-10-25 20:02:32 +00:00
network.php Accessibility: Remove target=_blank from the help tab links in network.php. 2016-10-30 15:19:37 +00:00
options-discussion.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options-general.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options-head.php
options-media.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options-permalink.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options-reading.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options-writing.php Accessibility: Remove target=_blank from the Settings screens help tabs links. 2016-10-04 06:59:29 +00:00
options.php I18N: Introduce a user-specific language setting. 2016-10-03 07:04:29 +00:00
plugin-editor.php Plugins: Correctly display the current plugin in the plugin editor. 2016-10-07 16:58:28 +00:00
plugin-install.php Accessibility: Remove target=_blank from the Plugins, Themes, Media, Update, and Tools screens help tabs links. 2016-10-04 07:08:29 +00:00
plugins.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
post-new.php I18N: Combine two duplicate "Invalid post type" strings. 2016-07-17 16:05:31 +00:00
post.php Text Changes: Unify permission error messages. 2016-06-29 15:16:29 +00:00
press-this.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
profile.php
revision.php Accessibility: Remove target=_blank from the Plugins, Themes, Media, Update, and Tools screens help tabs links. 2016-10-04 07:08:29 +00:00
setup-config.php Drop the requirement for the entry points to WordPress to be parsable by PHP4. 2016-10-25 03:15:30 +00:00
term.php Taxonomy: Introduce more fine grained capabilities for managing taxonomy terms. 2016-09-30 22:40:28 +00:00
theme-editor.php Accessibility: Remove target=_blank from the Plugins, Themes, Media, Update, and Tools screens help tabs links. 2016-10-04 07:08:29 +00:00
theme-install.php Accessibility: Remove target=_blank from the Plugins, Themes, Media, Update, and Tools screens help tabs links. 2016-10-04 07:08:29 +00:00
themes.php Themes: After [38788], further improve the update button when there's no update package. 2016-10-21 10:36:46 +00:00
tools.php Accessibility: Remove target=_blank from the Plugins, Themes, Media, Update, and Tools screens help tabs links. 2016-10-04 07:08:29 +00:00
update-core.php Upgrade/Install: Refresh update counts after page load. 2016-10-19 10:27:29 +00:00
update.php Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389. 2016-08-31 16:31:29 +00:00
upgrade-functions.php Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core. 2016-07-06 12:40:29 +00:00
upgrade.php
upload.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
user-edit.php I18N: Don't use get_user_option() for retrieving user's language. 2016-10-30 22:26:31 +00:00
user-new.php Accessibility: Improve the form labels on the Add New User screen. 2016-10-29 12:54:30 +00:00
users.php Administration: Standardise the docblocks for the handle_bulk_actions-* filters. 2016-10-26 14:45:29 +00:00
widgets.php Accessibility: Remove target=_blank from the Users and Widgets screens help tabs links. 2016-10-04 07:10:31 +00:00