diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index 46ed65fb02..8e3a75821d 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -336,6 +336,8 @@ function add_meta( $post_ID ) { global $wpdb; $post_ID = (int) $post_ID; + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' ); + $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) )); @@ -351,6 +353,9 @@ function add_meta( $post_ID ) { if ( $metakeyinput) $metakey = $metakeyinput; // default + if ( in_array($metakey, $protected) ) + return false; + $result = $wpdb->query( " INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) @@ -405,6 +410,12 @@ function has_meta( $postid ) { function update_meta( $mid, $mkey, $mvalue ) { global $wpdb; + + $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' ); + + if ( in_array($mkey, $protected) ) + return false; + $mvalue = maybe_serialize( stripslashes( $mvalue )); $mvalue = $wpdb->escape( $mvalue ); $mid = (int) $mid;