Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 18448)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -869,7 +869,7 @@
 			die(__('Please provide a custom field value.'));
 		if ( !$meta = get_post_meta_by_id( $mid ) )
 			die('0'); // if meta doesn't exist
-		if ( is_protected_meta( $meta->meta_key, 'post' ) || !current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) )
+		if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || !current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) )
 			die('-1');
 		if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
 			if ( !$u = update_meta( $mid, $key, $value ) )
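Review bot: The capability check on the changed line still runs only against the stored key `$meta->meta_key`, so the new `is_protected_meta( $key, 'post' )` blocks renaming to a protected key but nothing checks whether the user may write the submitted `$key` itself. If `edit_post_meta` is mapped per key, as the third argument suggests, I would add `|| !current_user_can( 'edit_post_meta', $meta->post_id, $key )` to the same condition. The comparison two lines below uses `stripslashes($key)`, which suggests `$key` is still slashed when it reaches the new check; testing the unslashed value, `is_protected_meta( stripslashes( $key ), 'post' )`, would keep the check aligned with what is stored. The enclosing branch starts and ends outside the hunk.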
Index: wp-admin/includes/post.php
===================================================================
--- wp-admin/includes/post.php	(revision 18448)
+++ wp-admin/includes/post.php	(working copy)
@@ -667,24 +667,26 @@
 
 	$metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
 	$metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
-	$metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes_deep( $_POST['metavalue'] ) ) : '';
-	if ( is_string($metavalue) )
+	$metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
+	if ( is_string( $metavalue ) )
 		$metavalue = trim( $metavalue );
 
-	if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
+	if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) {
 		// We have a key/value pair. If both the select and the
 		// input for the key have data, the input takes precedence:
 
- 		if ('#NONE#' != $metakeyselect)
+ 		if ( '#NONE#' != $metakeyselect )
 			$metakey = $metakeyselect;
 
-		if ( $metakeyinput)
+		if ( $metakeyinput )
 			$metakey = $metakeyinput; // default
 
 		if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
 			return false;
 
-		return add_post_meta($post_ID, $metakey, $metavalue);
+		$metakey = esc_sql( $metakey );
+
+		return add_post_meta( $post_ID, $metakey, $metavalue );
 	}
 
 	return false;
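Review bot: The added `$metakey = esc_sql( $metakey );` carries no comment and reads as an injection defence, although its apparent purpose is to put back the slashes removed by `stripslashes()` at the top of the hunk so that `add_post_meta()` can strip them again; that is inferred, since `add_post_meta()` is not visible here. Depending on how `esc_sql()` is implemented, a SQL-escaping routine may rewrite characters that a later unslash does not restore, so the stored key could differ from the one just passed to `is_protected_meta()` and `current_user_can()`. I would add a comment such as `// add_post_meta() expects slashed data; re-slash the key that was unslashed for the checks above.` and, if only re-slashing is intended, use `addslashes( $metakey )` instead. The function starts outside the hunk.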
