diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 20688f7cec..3ff4d66e9e 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -983,7 +983,7 @@ function list_meta($meta) { $style .= ' hidden'; if ( is_serialized($entry['meta_value']) ) { - if ( 's' == $entry['meta_value']{0} ) { + if ( is_serialized_string($entry['meta_value']) ) { // this is a serialized string, so we should display it $entry['meta_value'] = maybe_unserialize($entry['meta_value']); } else { @@ -1068,7 +1068,7 @@ function add_meta($post_ID) { $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect']))); $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput']))); - $metavalue = prepare_data(stripslashes((trim($_POST['metavalue'])))); + $metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue'])))); $metavalue = $wpdb->escape($metavalue); if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) { @@ -1100,8 +1100,8 @@ function delete_meta($mid) { function update_meta($mid, $mkey, $mvalue) { global $wpdb; - if ( is_serialized(stripslashes($mvalue)) ) // $mvalue looks to be already serialized, so we should serialize it again to prevent the data from coming out in a different form than it came in - $mvalue = serialize($mvalue); + $mvalue = maybe_serialize(stripslashes($mvalue)); + $mvalue = $wpdb->escape($mvalue); $mid = (int) $mid; return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'"); } diff --git a/wp-admin/options.php b/wp-admin/options.php index aaf79cb4f2..87db8e9c36 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -128,7 +128,7 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name foreach ( (array) $options as $option) : $disabled = ''; if ( is_serialized($option->option_value) ) { - if ( 's' == $option->option_value{0} ) { + if ( is_serialized_string($option->option_value) ) { // this is a serialized string, so we should display it $value = wp_specialchars(maybe_unserialize($option->option_value), 'single'); $options_to_update[] = $option->option_name; diff --git a/wp-includes/functions.php b/wp-includes/functions.php index a1d76ec665..0e472ad7ef 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -257,7 +257,7 @@ function update_option($option_name, $newvalue) { } $_newvalue = $newvalue; - $newvalue = prepare_data($newvalue); + $newvalue = maybe_serialize($newvalue); wp_cache_set($option_name, $newvalue, 'options'); @@ -279,7 +279,7 @@ function add_option($name, $value = '', $description = '', $autoload = 'yes') { if ( false !== get_option($name) ) return; - $value = prepare_data($value); + $value = maybe_serialize($value); wp_cache_set($name, $value, 'options'); @@ -301,7 +301,7 @@ function delete_option($name) { return true; } -function prepare_data($data) { +function maybe_serialize($data) { if ( is_string($data) ) $data = trim($data); elseif ( is_array($data) || is_object($data) ) diff --git a/wp-includes/post.php b/wp-includes/post.php index e790a03609..1584a25574 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -231,7 +231,7 @@ function add_post_meta($post_id, $key, $value, $unique = false) { $post_meta_cache[$post_id][$key][] = $value; - $value = prepare_data($value); + $value = maybe_serialize($value); $value = $wpdb->escape($value); $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')"); @@ -310,11 +310,11 @@ function update_post_meta($post_id, $key, $value, $prev_value = '') { $post_id = (int) $post_id; $original_value = $value; - $value = prepare_data($value); + $value = maybe_serialize($value); $value = $wpdb->escape($value); $original_prev = $prev_value; - $prev_value = prepare_data($prev_value); + $prev_value = maybe_serialize($prev_value); $prev_value = $wpdb->escape($prev_value); if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { diff --git a/wp-includes/user.php b/wp-includes/user.php index 8c4c58ad65..62d20a7e31 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -116,7 +116,7 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) { // FIXME: usermeta data is assumed to be already escaped $meta_value = stripslashes($meta_value); - $meta_value = prepare_data($meta_value); + $meta_value = maybe_serialize($meta_value); $meta_value = $wpdb->escape($meta_value); if (empty($meta_value)) {