Use *_metadata_by_mid() API in set_custom_fields(). Handle slashing when checking caps for key. see #18195

git-svn-id: http://svn.automattic.com/wordpress/trunk@18501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2011-08-03 18:20:15 +00:00
parent 24d480d088
commit 852627fc48
1 changed files with 6 additions and 4 deletions


@ -262,16 +262,18 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset($meta['id']) ) { if ( isset($meta['id']) ) {
$meta['id'] = (int) $meta['id']; $meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] ); $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
$meta['value'] = stripslashes_deep( $meta['value'] );
if ( isset($meta['key']) ) { if ( isset($meta['key']) ) {
$meta['key'] = stripslashes( $meta['key'] );
if ( $meta['key'] != $pmeta->meta_key ) if ( $meta['key'] != $pmeta->meta_key )
continue; continue;
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
update_meta( $meta['id'], $meta['key'], $meta['value'] ); update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_meta( $meta['id'] ); delete_metadata_by_mid( 'post', $meta['id'] );
} }
} elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) { } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
add_post_meta( $post_id, $meta['key'], $meta['value'] ); add_post_meta( $post_id, $meta['key'], $meta['value'] );
} }
} }
} }
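Review bot: Nothing on the new side checks that the row returned by `get_metadata_by_mid( 'post', $meta['id'] )` exists or belongs to `$post_id`, yet the capability checks that follow are made against `$post_id` while `update_metadata_by_mid()` and `delete_metadata_by_mid()` act on whichever row the client-supplied id names. The permission check can therefore pass for one post while the write or delete lands on another post's meta, and an id that matches no row leaves `$pmeta` false, so `$pmeta->meta_key` is read from a non-object. Adding `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;` directly after the lookup would close both gaps. `$meta['value']` is also unslashed before it is known to be set (it may be absent on the delete path), so an `isset()` guard there would avoid a notice. The enclosing loop and function start above this hunk, so this is based only on the lines shown.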