Ticket #12416: 12416.3.diff
File 12416.3.diff, 2.7 KB (added by , 15 years ago) |
---|
-
wp-includes/meta.php
21 21 * 22 22 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user) 23 23 * @param int $object_id ID of the object metadata is for 24 * @param string $meta_key Metadata key 24 * @param string $meta_key Metadata key. Expected unslashed. 25 25 * @param string $meta_value Metadata value 26 26 * @param bool $unique Optional, default is false. Whether the specified metadata key should be 27 27 * unique for the object. If true, and the object already has a value for the specified … … 42 42 43 43 $column = esc_sql($meta_type . '_id'); 44 44 45 // expected_slashed ($meta_key)46 $meta_key = stripslashes($meta_key);47 48 45 if ( $unique && $wpdb->get_var( $wpdb->prepare( 49 46 "SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d", 50 47 $meta_key, $object_id ) ) ) … … 82 79 * 83 80 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user) 84 81 * @param int $object_id ID of the object metadata is for 85 * @param string $meta_key Metadata key 82 * @param string $meta_key Metadata key. Expected unslashed. 86 83 * @param string $meta_value Metadata value 87 84 * @param string $prev_value Optional. If specified, only update existing metadata entries with 88 85 * the specified value. Otherwise, update all entries. … … 103 100 $column = esc_sql($meta_type . '_id'); 104 101 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 105 102 106 // expected_slashed ($meta_key)107 $meta_key = stripslashes($meta_key);108 109 103 if ( ! $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) ) 110 104 return add_metadata($meta_type, $object_id, $meta_key, $meta_value); 111 105 … … 143 137 * 144 138 * @param string $meta_type Type of object metadata is for (e.g., comment, post, or user) 145 139 * @param int $object_id ID of the object metadata is for 146 * @param string $meta_key Metadata key 140 * @param string $meta_key Metadata key. Expected unslashed. 147 141 * @param string $meta_value Optional. Metadata value. If specified, only delete metadata entries 148 142 * with this value. Otherwise, delete all entries with the specified meta_key. 149 143 * @param bool $delete_all Optional, default is false. If true, delete matching metadata entries … … 165 159 166 160 $type_column = esc_sql($meta_type . '_id'); 167 161 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 168 // expected_slashed ($meta_key) 169 $meta_key = stripslashes($meta_key); 162 170 163 $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); 171 164 172 165 $query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key );