This thread is resolved. Here is a description of the problem and solution.
Question: It seems that Access permissions like Edit Own are not enforced when calling update_post_meta, is that correct?
Answer: Yes, this is correct. Custom code implementations should utilize current_user_can to compare capabilities before calling update_post_meta, etc. directly.
This support ticket is created 3 years, 6 months ago. There's a good chance that you are reading advice that it now obsolete.
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 8:00 – 12:00 | 8:00 – 12:00 | 8:00 – 12:00 | 8:00 – 12:00 | 8:00 – 12:00 | - | - |
| 13:00 – 17:00 | 13:00 – 17:00 | 13:00 – 17:00 | 13:00 – 17:00 | 13:00 – 17:00 | - | - |
Supporter timezone: America/New_York (GMT-04:00)
This topic contains 2 replies, has 2 voices.
Last updated by 3 years, 6 months ago.
Assisted by: Christian Cox.
