Fix escaping of post meta, props DD32, fixes #7768
git-svn-id: http://svn.automattic.com/wordpress/trunk@9116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
f5d0646a92
commit
6ba8661a1f
|
@ -499,10 +499,9 @@ function add_meta( $post_ID ) {
|
|||
|
||||
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
|
||||
|
||||
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
|
||||
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
|
||||
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
|
||||
$metavalue = $wpdb->escape( $metavalue );
|
||||
$metakeyselect = stripslashes( trim( $_POST['metakeyselect'] ) );
|
||||
$metakeyinput = stripslashes( trim( $_POST['metakeyinput'] ) );
|
||||
$metavalue = maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) );
|
||||
|
||||
if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
|
||||
// We have a key/value pair. If both the select and the
|
||||
|
@ -519,9 +518,7 @@ function add_meta( $post_ID ) {
|
|||
|
||||
wp_cache_delete($post_ID, 'post_meta');
|
||||
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
|
||||
(post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
|
||||
$post_ID, $metakey, $metavalue) );
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
|
||||
return $wpdb->insert_id;
|
||||
}
|
||||
return false;
|
||||
|
|
|
@ -519,6 +519,7 @@ function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
|
|||
|
||||
// expected_slashed ($meta_key)
|
||||
$meta_key = stripslashes($meta_key);
|
||||
$meta_value = stripslashes($meta_value);
|
||||
|
||||
if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
|
||||
return false;
|
||||
|
@ -631,6 +632,7 @@ function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
|
|||
|
||||
// expected_slashed ($meta_key)
|
||||
$meta_key = stripslashes($meta_key);
|
||||
$meta_value = stripslashes($meta_value);
|
||||
|
||||
if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {
|
||||
return add_post_meta($post_id, $meta_key, $meta_value);
|
||||
|
|
Loading…
Reference in New Issue