WordPress.org

Make WordPress Core

Ticket #6836: 6836.diff

File 6836.diff, 3.3 KB (added by DD32, 10 years ago)
  • wp-admin/includes/post.php

     
    360360
    361361        $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
    362362
    363         $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
    364         $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
    365         $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
    366         $metavalue = $wpdb->escape( $metavalue );
     363        $metakeyselect = stripslashes( trim( $_POST['metakeyselect'] ) );
     364        $metakeyinput = stripslashes( trim( $_POST['metakeyinput'] ) );
     365        $meta_value = maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) );
    367366
    368         if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
     367        if ( ('0' === $meta_value || !empty ( $meta_value ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
    369368                // We have a key/value pair. If both the select and the
    370369                // input for the key have data, the input takes precedence:
    371370
    372371                if ('#NONE#' != $metakeyselect)
    373                         $metakey = $metakeyselect;
     372                        $meta_key = $metakeyselect;
    374373
    375374                if ( $metakeyinput)
    376                         $metakey = $metakeyinput; // default
     375                        $meta_key = $metakeyinput; // default
    377376
    378                 if ( in_array($metakey, $protected) )
     377                if ( in_array($meta_key, $protected) )
    379378                        return false;
    380379
    381380                wp_cache_delete($post_ID, 'post_meta');
    382381
    383                 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
    384                         (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
    385                         $post_ID, $metakey, $metavalue) );
     382                $wpdb->insert( $wpdb->postmeta, compact('post_ID', 'meta_key', 'meta_value'));
     383
    386384                return $wpdb->insert_id;
    387385        }
    388386        return false;
     
    431429
    432430}
    433431
    434 function update_meta( $mid, $mkey, $mvalue ) {
     432function update_meta( $meta_id, $meta_key, $meta_value ) {
    435433        global $wpdb;
    436434
    437435        $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
    438436
    439         if ( in_array($mkey, $protected) )
     437        if ( in_array($meta_key, $protected) )
    440438                return false;
    441439
    442         $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
     440        $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
    443441        wp_cache_delete($post_id, 'post_meta');
    444442
    445         $mvalue = maybe_serialize( stripslashes( $mvalue ));
    446         $mvalue = $wpdb->escape( $mvalue );
    447         $mid = (int) $mid;
    448         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->postmeta SET meta_key = %s, meta_value = %s WHERE meta_id = %d", $mkey, $mvalue, $mid) );
     443        $meta_value = maybe_serialize( stripslashes( $meta_value ));
     444        $meta_id = (int) $meta_id;
     445
     446        return $wpdb->update( $wpdb->postmeta, compact('meta_key', 'meta_value'), compact('meta_id') );
    449447}
    450448
    451449//
     
    498496        global $wpdb;
    499497        $old_ID = (int) $old_ID;
    500498        $new_ID = (int) $new_ID;
    501         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
     499        return $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('post_parent' => $old_ID) );
    502500}
    503501
    504502function get_available_post_statuses($type = 'post') {