Support » Fixing WordPress » How can i change protected params. XMLRPC.

Viewing 7 replies - 1 through 7 (of 7 total)
  • I don’t use xmlrpc much any more nor do I use AIO seo pack but…

    it seems the issue is that AIO uses _prefixed_custom_fields to store it’s data and that is the piece that WordPress doesn’t like (via xmlrpc).

    You could make a plugin that would convert a non _ prefixed field to the ones AIO is looking for.


    That way you could update temp_keywords and temp_description and temp_title via xmlrpc and then tell your plugin to convert them on the next page load. Just a thought, of course I have no idea if that would actually work.

    Thread Starter Deads


    Thx, but i write a hack, which allow to create or modify protected fields.
    Open {wordpress_dir}/wp-includes/class-wp-xmlrpc-server.php file at text editor, find function set_custom_fields and replace it on this code:

    function set_custom_fields($post_id, $fields) {
    		$post_id = (int) $post_id;
    		foreach ( (array) $fields as $meta ) {
    			if ( isset($meta['id']) ) {
    				$meta['id'] = (int) $meta['id'];
    				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
    				$meta['value'] = stripslashes_deep( $meta['value'] );
    				if ( isset($meta['key']) ) {
    					$meta['key'] = stripslashes( $meta['key'] );
    					if ( $meta['key'] != $pmeta->meta_key )
    					if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
    						update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
    				} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
    					delete_metadata_by_mid( 'post', $meta['id'] );
    			} elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) OR
    						 (($meta['key'] == '_aioseop_keywords'
    						 OR $meta['key'] == '_aioseop_description') AND
    						 current_user_can( 'add_post_meta', $post_id, str_replace('_', '', stripslashes( $meta['key'] ) )) 
    					 )) {
    				add_post_meta( $post_id, $meta['key'], $meta['value'] );

    To add a protected field via XML-RPC you should use register_meta() to whitelist that field.

    Here’s a piece of code I used to whitelist a protected custom field of the Magic Fields plugin, so I could updated via XML-RPC:

    register_meta( 'post', '_mf_write_panel_id', 'custom_sanitize_as_is', 'custom_auth_always_allow');
    function custom_sanitize_as_is( $meta_value, $meta_key, $meta_type ) {
    	return $meta_value;
    function custom_auth_always_allow( $allowed, $meta_key, $post_id, $user_id, $cap, $caps ) {
    	return true;

    Thanks so much for posting this code Hugo, I looked everywhere on how to use register_meta function properly and couldn’t find an example. Your code worked flawlessly.

    Sorry, I’m new to wordpress (and php, too). Do you have an example of how to use register_meta? Within the existing plugin? As a standalone plugin? In the source of wordpress itself?

    Hi JKring… see here a full custom plugin you can just drop into your ./wp-content/plugins folder:

    Thanks Hugo, like clevertechie said, it’s not easy finding info on how to make this work with the register_meta function.

    For anyone else that this might help, one thing that tripped me up was using this for custom post types. I mistakenly thought I had to replace the first parameter (i.e. ‘post’) with my custom post type name, and when I did, I wasn’t getting the results I expected.

    Once I switched it back to ‘post’, it worked like a charm.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘How can i change protected params. XMLRPC.’ is closed to new replies.