From d420b71d5259c055074d2848b5f984a29769aba8 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Tue, 24 Sep 2013 01:30:31 +0000
Subject: [PATCH] Ignore unauthorized meta keys in meta_form(). fixes #18786.

git-svn-id: https://develop.svn.wordpress.org/trunk@25591 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/meta-boxes.php | 2 +-
 src/wp-admin/includes/template.php   | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/wp-admin/includes/meta-boxes.php b/src/wp-admin/includes/meta-boxes.php
index 7f13f54547..4ea03e94df 100644
--- a/src/wp-admin/includes/meta-boxes.php
+++ b/src/wp-admin/includes/meta-boxes.php
@@ -506,7 +506,7 @@ foreach ( $metadata as $key => $value ) {
 		unset( $metadata[ $key ] );
 }
 list_meta( $metadata );
-meta_form(); ?>
+meta_form( $post ); ?>
 </div>
 <p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
 <?php
diff --git a/src/wp-admin/includes/template.php b/src/wp-admin/includes/template.php
index a46e294379..c5122dd611 100644
--- a/src/wp-admin/includes/template.php
+++ b/src/wp-admin/includes/template.php
@@ -500,12 +500,15 @@ function _list_meta_row( $entry, &$count ) {
 }
 
 /**
- * {@internal Missing Short Description}}
+ * Prints the form in the Custom Fields meta box.
  *
  * @since 1.2.0
+ *
+ * @param WP_Post $post Optional. The post being edited.
  */
-function meta_form() {
+function meta_form( $post = null ) {
 	global $wpdb;
+	$post = get_post( $post );
 	$limit = (int) apply_filters( 'postmeta_form_limit', 30 );
 	$keys = $wpdb->get_col( "
 		SELECT meta_key
@@ -535,7 +538,7 @@ function meta_form() {
 <?php
 
 	foreach ( $keys as $key ) {
-		if ( is_protected_meta( $key, 'post' ) )
+		if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) )
 			continue;
 		echo "\n<option value='" . esc_attr($key) . "'>" . esc_html($key) . "</option>";
 	}