Consider whitelisting editing of custom fields
Hi! I am the developer of MarsEdit, a desktop blogging app for the Mac.
MarsEdit supports configuration of custom fields to e.g. update the pertinent values for SEO packages such as WordPress SEO by Yoast. Unfortunately, the default behavior of WordPress is to prohibit such access because the fields beginning with “_” underscores are considered “protected.”
I experimented with whitelisting these accesses through a plugin with good success. I wonder if you would consider integrating something like the following into your plugin so it will work “out of the box” for folks who want to use MarsEdit with Yoast SEO.
Note this has the nice effect that it doesn’t change the fields from “protected” so they still don’t show up as raw custom fields in the WP admin interface. But they do pass the test of meriting editing and adding permission, so when XMLRPC submissions include changes to those values, they are editable.
```php
<?php
/*
Plugin Name: Custom Field Permissions
Description: Simple plugin to open up access for editing "protected" custom fields e.g. to facilitate editing SEO plugin fields via MarsEdit.
Author: Daniel Jalkut / Red Sweater Software
Version: 1.0
Author URI: http://www.red-sweater.com/blog/
*/

function startsWith($haystack, $needle) {
	return !strncmp($haystack, $needle, strlen($needle));
}

// I don't think it's particularly well documented but in my tests $args[3] is the name of the meta field value
// being attempted to be edited or added.
function grantCustomFieldEditPermissions( $allcaps, $cap, $args ) {
	// Only apply when the question is whether a metadata field should be editable
	$requestedCap = $args[0];
	if (($requestedCap == "edit_post_meta") || ($requestedCap == "add_post_meta")) {
		// Leave capabilities untouched if the check came without a post ID or meta key
		if (!isset($args[2], $args[3])) {
			return $allcaps;
		}

		// Only indulge editing rights to users who can otherwise edit this post
		$postID = $args[2];
		$userCanEdit = current_user_can('edit_post', $postID);
		if ($userCanEdit) {
			$editedMetaField = $args[3];

			// Allow anything relating to SEO Plugins Yoast, AIOSEO, etc. Note because only
			// underscore-prefixed fields are "protected" by default, we don't need to worry about
			// any plugins that use names not starting with underscore.
			if (startsWith($editedMetaField, "_yoast_wpseo_") ||
				startsWith($editedMetaField, "_aioseop_") ||
				startsWith($editedMetaField, "_headspace_")) {
				$allcaps[$args[0]] = true;
			}
		}
	}
	return $allcaps;
}

add_filter( 'user_has_cap', 'grantCustomFieldEditPermissions', 0, 3 );
?>
```
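The plugin above grants write access to every protected key under three prefixes. A narrower variant, shown here as an added example that is not part of the original post or of any plugin's code, allows only an exact list of keys through WordPress's per-key `auth_post_meta_{$meta_key}` filter. The function names, the constant and the choice of keys are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Key names are illustrative assumptions.
const EXAMPLE_EDITABLE_META_KEYS = [
    '_yoast_wpseo_title',
    '_yoast_wpseo_metadesc',
    '_yoast_wpseo_focuskw',
];

// Hypothetical helper: pure decision logic, so it can be checked without WordPress.
// Strict in_array() means only exact string matches pass; a prefix is not enough.
function example_meta_edit_allowed($metaKey, $userCanEditPost)
{
    return $userCanEditPost === true
        && is_string($metaKey)
        && in_array($metaKey, EXAMPLE_EDITABLE_META_KEYS, true);
}

// Callback for the auth_post_meta_{$meta_key} filter, which WordPress consults
// when mapping edit_post_meta / add_post_meta for a specific key.
function example_auth_post_meta($allowed, $metaKey, $postId, $userId)
{
    return example_meta_edit_allowed($metaKey, user_can($userId, 'edit_post', $postId));
}

if (function_exists('add_filter')) {
    // Inside WordPress: register one filter per allowlisted key.
    foreach (EXAMPLE_EDITABLE_META_KEYS as $key) {
        add_filter("auth_post_meta_{$key}", 'example_auth_post_meta', 10, 4);
    }
} else {
    // Outside WordPress: run the decision on constructed inputs.
    $samples = [
        ['_yoast_wpseo_title', true],       // allowlisted key, user may edit the post
        ['_yoast_wpseo_title', false],      // allowlisted key, user may not edit the post
        ['_yoast_wpseo_unlisted', true],    // shares the prefix but is not allowlisted
        ['_edit_lock', true],               // unrelated protected key
    ];
    foreach ($samples as [$key, $canEdit]) {
        printf("%-24s canEdit=%-5s => %s\n", $key, var_export($canEdit, true),
            example_meta_edit_allowed($key, $canEdit) ? 'allow' : 'deny');
    }
}
```

As with the original plugin, the keys stay "protected", so they remain hidden from the raw custom fields list in the admin interface.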