WordPress.org

Make WordPress Core

Ticket #12416: 12416.3.diff

File 12416.3.diff, 2.7 KB (added by nacin, 11 years ago)

Expect unslashed in meta api

  • wp-includes/meta.php

     
    2121 *
    2222 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
    2323 * @param int $object_id ID of the object metadata is for
    24  * @param string $meta_key Metadata key
     24 * @param string $meta_key Metadata key. Expected unslashed.
    2525 * @param string $meta_value Metadata value
    2626 * @param bool $unique Optional, default is false.  Whether the specified metadata key should be
    2727 *              unique for the object.  If true, and the object already has a value for the specified
     
    4242
    4343        $column = esc_sql($meta_type . '_id');
    4444
    45         // expected_slashed ($meta_key)
    46         $meta_key = stripslashes($meta_key);
    47 
    4845        if ( $unique && $wpdb->get_var( $wpdb->prepare(
    4946                "SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d",
    5047                $meta_key, $object_id ) ) )
     
    8279 *
    8380 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
    8481 * @param int $object_id ID of the object metadata is for
    85  * @param string $meta_key Metadata key
     82 * @param string $meta_key Metadata key. Expected unslashed.
    8683 * @param string $meta_value Metadata value
    8784 * @param string $prev_value Optional.  If specified, only update existing metadata entries with
    8885 *              the specified value.  Otherwise, update all entries.
     
    103100        $column = esc_sql($meta_type . '_id');
    104101        $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
    105102
    106         // expected_slashed ($meta_key)
    107         $meta_key = stripslashes($meta_key);
    108 
    109103        if ( ! $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) )
    110104                return add_metadata($meta_type, $object_id, $meta_key, $meta_value);
    111105
     
    143137 *
    144138 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
    145139 * @param int $object_id ID of the object metadata is for
    146  * @param string $meta_key Metadata key
     140 * @param string $meta_key Metadata key. Expected unslashed.
    147141 * @param string $meta_value Optional. Metadata value.  If specified, only delete metadata entries
    148142 *              with this value.  Otherwise, delete all entries with the specified meta_key.
    149143 * @param bool $delete_all Optional, default is false.  If true, delete matching metadata entries
     
    165159
    166160        $type_column = esc_sql($meta_type . '_id');
    167161        $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
    168         // expected_slashed ($meta_key)
    169         $meta_key = stripslashes($meta_key);
     162
    170163        $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
    171164
    172165        $query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key );