Ticket #28315: 28315.2.diff
File 28315.2.diff, 6.6 KB (added by , 10 years ago) |
---|
-
src/wp-includes/meta.php
27 27 * @return int|bool The meta ID on success, false on failure. 28 28 */ 29 29 function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) { 30 if ( !$meta_type || !$meta_key ) 30 global $wpdb; 31 32 if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { 31 33 return false; 34 } 32 35 33 if ( !$object_id = absint($object_id) ) 36 $object_id = absint( $object_id ); 37 if ( ! $object_id ) { 34 38 return false; 39 } 35 40 36 if ( ! $table = _get_meta_table($meta_type) ) 41 $table = _get_meta_table( $meta_type ); 42 if ( ! $table ) { 37 43 return false; 44 } 38 45 39 global $wpdb;40 41 46 $column = sanitize_key($meta_type . '_id'); 42 47 43 48 // expected_slashed ($meta_key) … … 134 139 * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure. 135 140 */ 136 141 function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') { 137 if ( !$meta_type || !$meta_key ) 142 global $wpdb; 143 144 if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { 138 145 return false; 146 } 139 147 140 if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) { 148 $object_id = absint( $object_id ); 149 if ( ! $object_id ) { 141 150 return false; 142 151 } 143 152 144 if ( ! $table = _get_meta_table($meta_type) ) 153 $table = _get_meta_table( $meta_type ); 154 if ( ! $table ) { 145 155 return false; 156 } 146 157 147 global $wpdb;148 149 158 $column = sanitize_key($meta_type . '_id'); 150 159 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 151 160 … … 282 291 * @return bool True on successful delete, false on failure. 283 292 */ 284 293 function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) { 285 if ( !$meta_type || !$meta_key ) 294 global $wpdb; 295 296 if ( ! $meta_type || ! $meta_key || ! 
is_numeric( $object_id ) ) { 286 297 return false; 298 } 287 299 288 if ( (!$object_id = absint($object_id)) && !$delete_all ) 300 $object_id = absint( $object_id ); 301 if ( ! $object_id && ! $delete_all ) { 289 302 return false; 303 } 290 304 291 if ( ! $table = _get_meta_table($meta_type) ) 305 $table = _get_meta_table( $meta_type ); 306 if ( ! $table ) { 292 307 return false; 308 } 293 309 294 global $wpdb;295 296 310 $type_column = sanitize_key($meta_type . '_id'); 297 311 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 298 312 // expected_slashed ($meta_key) … … 424 438 * @return string|array Single metadata value, or array of values 425 439 */ 426 440 function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) { 427 if ( ! $meta_type )441 if ( ! $meta_type || ! is_numeric( $object_id ) ) { 428 442 return false; 443 } 429 444 430 if ( !$object_id = absint($object_id) ) 445 $object_id = absint( $object_id ); 446 if ( ! $object_id ) { 431 447 return false; 448 } 432 449 433 450 /** 434 451 * Filter whether to retrieve metadata of a specific type. … … 488 505 * @return boolean true of the key is set, false if not. 489 506 */ 490 507 function metadata_exists( $meta_type, $object_id, $meta_key ) { 491 if ( ! $meta_type )508 if ( ! $meta_type || ! is_numeric( $object_id ) ) { 492 509 return false; 510 } 493 511 494 if ( ! $object_id = absint( $object_id ) ) 512 $object_id = absint( $object_id ); 513 if ( ! $object_id ) { 495 514 return false; 515 } 496 516 497 517 /** This filter is documented in wp-includes/meta.php */ 498 518 $check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true ); … … 524 544 function get_metadata_by_mid( $meta_type, $meta_id ) { 525 545 global $wpdb; 526 546 527 if ( ! $meta_type )547 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 528 548 return false; 549 } 529 550 530 if ( !$meta_id = absint( $meta_id ) ) 551 $meta_id = absint( $meta_id ); 552 if ( ! 
$meta_id ) { 531 553 return false; 554 } 532 555 533 if ( ! $table = _get_meta_table($meta_type) ) 556 $table = _get_meta_table( $meta_type ); 557 if ( ! $table ) { 534 558 return false; 559 } 535 560 536 561 $id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id'; 537 562 … … 564 589 global $wpdb; 565 590 566 591 // Make sure everything is valid. 567 if ( ! $meta_type )592 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 568 593 return false; 594 } 569 595 570 if ( ! $meta_id = absint( $meta_id ) ) 596 $meta_id = absint( $meta_id ); 597 if ( ! $meta_id ) { 571 598 return false; 599 } 572 600 573 if ( ! $table = _get_meta_table( $meta_type ) ) 601 $table = _get_meta_table( $meta_type ); 602 if ( ! $table ) { 574 603 return false; 604 } 575 605 576 606 $column = sanitize_key($meta_type . '_id'); 577 607 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; … … 651 681 global $wpdb; 652 682 653 683 // Make sure everything is valid. 654 if ( ! $meta_type )684 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 655 685 return false; 686 } 656 687 657 if ( ! $meta_id = absint( $meta_id ) ) 688 $meta_id = absint( $meta_id ); 689 if ( ! $meta_id ) { 658 690 return false; 691 } 659 692 660 if ( ! $table = _get_meta_table( $meta_type ) ) 693 $table = _get_meta_table( $meta_type ); 694 if ( ! $table ) { 661 695 return false; 696 } 662 697 663 698 // object and id columns 664 699 $column = sanitize_key($meta_type . '_id'); … … 729 764 * @return mixed Metadata cache for the specified objects, or false on failure. 730 765 */ 731 766 function update_meta_cache($meta_type, $object_ids) { 732 if ( empty( $meta_type ) || empty( $object_ids ) ) 767 global $wpdb; 768 769 if ( ! $meta_type || ! $object_ids ) { 733 770 return false; 771 } 734 772 735 if ( ! $table = _get_meta_table($meta_type) ) 773 $table = _get_meta_table( $meta_type ); 774 if ( ! $table ) { 736 775 return false; 776 } 737 777 738 778 $column = sanitize_key($meta_type . 
'_id'); 739 779 740 global $wpdb;741 742 780 if ( !is_array($object_ids) ) { 743 781 $object_ids = preg_replace('|[^0-9,]|', '', $object_ids); 744 782 $object_ids = explode(',', $object_ids); -
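Review bot: In delete_metadata() the new first guard rejects a non-numeric $object_id before $delete_all is considered, whereas the old code let an empty ID through when $delete_all was set (`(!$object_id = absint($object_id)) && !$delete_all`). A caller passing `null` as the object ID with `$delete_all = true` would now get `false` and delete nothing. The numeric check should be conditional, e.g. `if ( ! $meta_type || ! $meta_key || ( ! is_numeric( $object_id ) && ! $delete_all ) ) {`. Separately, is_numeric() in these guards also accepts float strings such as `'1.9'`, which absint() presumably truncates to 1, so a stricter integer check is worth considering if only integer IDs are intended. The function bodies continue outside the hunks.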
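--- a/tests/phpunit/tests/meta.php
+++ b/tests/phpunit/tests/meta.php
@@ -236,4 +236,24 @@
 
 $this->assertEquals( wp_list_pluck( $posts, 'post_title' ), wp_list_pluck( $posts2, 'post_title' ) );
 }
+
+/**
+ * @ticket 28315
+ */
+function test_non_numeric_object_id() {
+$this->assertFalse( add_metadata( 'user', array( 1 ), 'meta_key', 'meta_value' ) );
+$this->assertFalse( update_metadata( 'user', array( 1 ), 'meta_key', 'meta_new_value' ) );
+$this->assertFalse( delete_metadata( 'user', array( 1 ), 'meta_key' ) );
+$this->assertFalse( get_metadata( 'user', array( 1 ) ) );
+$this->assertFalse( metadata_exists( 'user', array( 1 ), 'meta_key' ) );
+}
+
+/**
+ * @ticket 28315
+ */
+function test_non_numeric_meta_id() {
+$this->assertFalse( get_metadata_by_mid( 'user', array( 1 ) ) );
+$this->assertFalse( update_metadata_by_mid( 'user', array( 1 ), 'meta_new_value' ) );
+$this->assertFalse( delete_metadata_by_mid( 'user', array( 1 ) ) );
+}
 }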
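Review bot: Both new tests pass only `array( 1 )`, so other inputs that absint() used to coerce into a valid ID are not pinned. A boolean `true` or a string like `'1abc'` would, as far as I can tell, have resolved to ID 1 before this patch and should now be rejected. Adding e.g. `$this->assertFalse( get_metadata( 'user', '1abc' ) );` and `$this->assertFalse( get_metadata( 'user', true ) );` would lock that in. There is also no assertion that a plain numeric string such as `'1'` is still accepted, nor one covering `delete_metadata()` with `$delete_all` set and no object ID.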