Use *_metadata_by_mid() API in set_custom_fields(). Handle slashing when checking caps for key. see #18195
git-svn-id: http://svn.automattic.com/wordpress/trunk@18501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
24d480d088
commit
852627fc48
|
@ -262,16 +262,18 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
if ( isset($meta['id']) ) {
|
if ( isset($meta['id']) ) {
|
||||||
$meta['id'] = (int) $meta['id'];
|
$meta['id'] = (int) $meta['id'];
|
||||||
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
|
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
|
||||||
|
$meta['value'] = stripslashes_deep( $meta['value'] );
|
||||||
if ( isset($meta['key']) ) {
|
if ( isset($meta['key']) ) {
|
||||||
|
$meta['key'] = stripslashes( $meta['key'] );
|
||||||
if ( $meta['key'] != $pmeta->meta_key )
|
if ( $meta['key'] != $pmeta->meta_key )
|
||||||
continue;
|
continue;
|
||||||
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
|
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
|
||||||
update_meta( $meta['id'], $meta['key'], $meta['value'] );
|
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
|
||||||
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
|
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
|
||||||
delete_meta( $meta['id'] );
|
delete_metadata_by_mid( 'post', $meta['id'] );
|
||||||
}
|
}
|
||||||
} elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
|
} elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
|
||||||
add_post_meta( $post_id, $meta['key'], $meta['value'] );
|
add_post_meta( $post_id, $meta['key'], $meta['value'] );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue