WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent editing of protected meta keys. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@5723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-06-18 16:28:11 +00:00
parent c09f6ffbdb
commit e8dc080307
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/includes/post.php
View File

@ -336,6 +336,8 @@ function add_meta( $post_ID ) {
global $wpdb; global $wpdb;
$post_ID = (int) $post_ID; $post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) )); $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@ -351,6 +353,9 @@ function add_meta( $post_ID ) {
if ( $metakeyinput) if ( $metakeyinput)
$metakey = $metakeyinput; // default $metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
$result = $wpdb->query( " $result = $wpdb->query( "
INSERT INTO $wpdb->postmeta INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value ) (post_id,meta_key,meta_value )
@ -405,6 +410,12 @@ function has_meta( $postid ) {
function update_meta( $mid, $mkey, $mvalue ) { function update_meta( $mid, $mkey, $mvalue ) {
global $wpdb; global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
if ( in_array($mkey, $protected) )
return false;
$mvalue = maybe_serialize( stripslashes( $mvalue )); $mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue ); $mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid; $mid = (int) $mid;