Ticket #12416: 12416.3.diff

File 12416.3.diff, 2.7 KB (added by nacin, 4 years ago)

Expect unslashed in meta api

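--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@@ -21,7 +21,7 @@
  *
  * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
  * @param int $object_id ID of the object metadata is for
- * @param string $meta_key Metadata key
+ * @param string $meta_key Metadata key. Expected unslashed.
  * @param string $meta_value Metadata value
  * @param bool $unique Optional, default is false.  Whether the specified metadata key should be
  *              unique for the object.  If true, and the object already has a value for the specified
@@ -42,9 +42,6 @@
 
         $column = esc_sql($meta_type . '_id');
 
-        // expected_slashed ($meta_key)
-        $meta_key = stripslashes($meta_key);
-
         if ( $unique && $wpdb->get_var( $wpdb->prepare(
                 "SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d",
                 $meta_key, $object_id ) ) )
@@ -82,7 +79,7 @@
  *
  * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
  * @param int $object_id ID of the object metadata is for
- * @param string $meta_key Metadata key
+ * @param string $meta_key Metadata key. Expected unslashed.
  * @param string $meta_value Metadata value
  * @param string $prev_value Optional.  If specified, only update existing metadata entries with
  *              the specified value.  Otherwise, update all entries.
@@ -103,9 +100,6 @@
         $column = esc_sql($meta_type . '_id');
         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
 
-        // expected_slashed ($meta_key)
-        $meta_key = stripslashes($meta_key);
-
         if ( ! $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) )
                 return add_metadata($meta_type, $object_id, $meta_key, $meta_value);
 
@@ -143,7 +137,7 @@
  *
  * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
  * @param int $object_id ID of the object metadata is for
- * @param string $meta_key Metadata key
+ * @param string $meta_key Metadata key. Expected unslashed.
  * @param string $meta_value Optional. Metadata value.  If specified, only delete metadata entries
  *              with this value.  Otherwise, delete all entries with the specified meta_key.
  * @param bool $delete_all Optional, default is false.  If true, delete matching metadata entries
@@ -165,8 +159,7 @@
 
         $type_column = esc_sql($meta_type . '_id');
         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
-        // expected_slashed ($meta_key)
-        $meta_key = stripslashes($meta_key);
+
         $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
 
         $query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key );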
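Review bot: In `delete_metadata()` the key is now taken unslashed, but `$meta_value` is still passed through `stripslashes_deep()` (new line 163), so one call mixes two slashing conventions and only the key's is documented. A caller that passes both arguments unslashed will have backslashes stripped from the value and can end up matching different rows than intended, while a caller that still slashes the key will query for a key that was never stored. The `$meta_value` docblock line should state its convention next to the key's, for example `@param string $meta_value Optional. Metadata value. Expected slashed.` followed by the existing text. Whether `add_metadata()` and `update_metadata()` need the same wording depends on value handling that lies outside these hunks. The callers are not part of this diff, so it is worth confirming that each one was switched to pass an unslashed `$meta_key`.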