After [29339] and [29341], add more unit tests and less ambiguous type-checking before bailing in meta-related functions that expect a numeric value for `$object_id`.
Props SergeyBiryukov. Fixes #28315. Built from https://develop.svn.wordpress.org/trunk@29421 git-svn-id: http://core.svn.wordpress.org/trunk@29199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor
parent
935f10413e
commit
eb66e40790
|
|
@ -27,17 +27,22 @@
|
|||
* @return int|bool The meta ID on success, false on failure.
|
||||
*/
|
||||
function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) {
|
||||
if ( !$meta_type || !$meta_key )
|
||||
return false;
|
||||
|
||||
if ( !$object_id = absint($object_id) )
|
||||
return false;
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
return false;
|
||||
|
||||
global $wpdb;
|
||||
|
||||
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$object_id = absint( $object_id );
|
||||
if ( ! $object_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$column = sanitize_key($meta_type . '_id');
|
||||
|
||||
// expected_slashed ($meta_key)
|
||||
|
|
@ -134,17 +139,21 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
|
|||
* @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure.
|
||||
*/
|
||||
function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') {
|
||||
if ( !$meta_type || !$meta_key )
|
||||
return false;
|
||||
global $wpdb;
|
||||
|
||||
if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {
|
||||
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
$object_id = absint( $object_id );
|
||||
if ( ! $object_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
global $wpdb;
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$column = sanitize_key($meta_type . '_id');
|
||||
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
|
||||
|
|
@ -282,17 +291,22 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
|
|||
* @return bool True on successful delete, false on failure.
|
||||
*/
|
||||
function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) {
|
||||
if ( !$meta_type || !$meta_key )
|
||||
return false;
|
||||
|
||||
if ( (!$object_id = absint($object_id)) && !$delete_all )
|
||||
return false;
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
return false;
|
||||
|
||||
global $wpdb;
|
||||
|
||||
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$object_id = absint( $object_id );
|
||||
if ( ! $object_id && ! $delete_all ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$type_column = sanitize_key($meta_type . '_id');
|
||||
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
|
||||
// expected_slashed ($meta_key)
|
||||
|
|
@ -424,11 +438,14 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d
|
|||
* @return string|array Single metadata value, or array of values
|
||||
*/
|
||||
function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
|
||||
if ( !$meta_type )
|
||||
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( !$object_id = absint($object_id) )
|
||||
$object_id = absint( $object_id );
|
||||
if ( ! $object_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter whether to retrieve metadata of a specific type.
|
||||
|
|
@ -488,11 +505,14 @@ function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
|
|||
* @return boolean true of the key is set, false if not.
|
||||
*/
|
||||
function metadata_exists( $meta_type, $object_id, $meta_key ) {
|
||||
if ( ! $meta_type )
|
||||
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $object_id = absint( $object_id ) )
|
||||
$object_id = absint( $object_id );
|
||||
if ( ! $object_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/** This filter is documented in wp-includes/meta.php */
|
||||
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true );
|
||||
|
|
@ -524,14 +544,19 @@ function metadata_exists( $meta_type, $object_id, $meta_key ) {
|
|||
function get_metadata_by_mid( $meta_type, $meta_id ) {
|
||||
global $wpdb;
|
||||
|
||||
if ( ! $meta_type )
|
||||
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( !$meta_id = absint( $meta_id ) )
|
||||
$meta_id = absint( $meta_id );
|
||||
if ( ! $meta_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id';
|
||||
|
||||
|
|
@ -564,14 +589,19 @@ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key =
|
|||
global $wpdb;
|
||||
|
||||
// Make sure everything is valid.
|
||||
if ( ! $meta_type )
|
||||
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $meta_id = absint( $meta_id ) )
|
||||
$meta_id = absint( $meta_id );
|
||||
if ( ! $meta_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $table = _get_meta_table( $meta_type ) )
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$column = sanitize_key($meta_type . '_id');
|
||||
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
|
||||
|
|
@ -651,14 +681,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
|
|||
global $wpdb;
|
||||
|
||||
// Make sure everything is valid.
|
||||
if ( ! $meta_type )
|
||||
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $meta_id = absint( $meta_id ) )
|
||||
$meta_id = absint( $meta_id );
|
||||
if ( ! $meta_id ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $table = _get_meta_table( $meta_type ) )
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// object and id columns
|
||||
$column = sanitize_key($meta_type . '_id');
|
||||
|
|
@ -729,16 +764,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
|
|||
* @return mixed Metadata cache for the specified objects, or false on failure.
|
||||
*/
|
||||
function update_meta_cache($meta_type, $object_ids) {
|
||||
if ( empty( $meta_type ) || empty( $object_ids ) )
|
||||
return false;
|
||||
global $wpdb;
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
if ( ! $meta_type || ! $object_ids ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$table = _get_meta_table( $meta_type );
|
||||
if ( ! $table ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$column = sanitize_key($meta_type . '_id');
|
||||
|
||||
global $wpdb;
|
||||
|
||||
if ( !is_array($object_ids) ) {
|
||||
$object_ids = preg_replace('|[^0-9,]|', '', $object_ids);
|
||||
$object_ids = explode(',', $object_ids);
|
||||
|
|
|
|||
Loading…
Reference in New Issue