Use stripslashes_deep to strip meta values. Props JonathanRogers, Sewar. fixes #10656

git-svn-id: http://svn.automattic.com/wordpress/trunk@12336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-12-08 00:48:39 +00:00
parent 6c8f698427
commit d3c9fbd0c8
1 changed files with 4 additions and 2 deletions

View File

@ -559,7 +559,9 @@ function add_meta( $post_ID ) {
$metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
$metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
$metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) ) : '';
$metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes_deep( $_POST['metavalue'] ) ) : '';
if ( is_string($metavalue) )
$metavalue = trim( $metavalue );
if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
// We have a key/value pair. If both the select and the
@ -686,7 +688,7 @@ function update_meta( $meta_id, $meta_key, $meta_value ) {
$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
wp_cache_delete($post_id, 'post_meta');
$meta_value = maybe_serialize( stripslashes( $meta_value ) );
$meta_value = maybe_serialize( stripslashes_deep( $meta_value ) );
$meta_id = (int) $meta_id;
$data = compact( 'meta_key', 'meta_value' );