WordPress.org

Make WordPress Core


Ignore:
Timestamp:
02/28/2010 07:12:05 AM (10 years ago)
Author:
dd32
Message:

Fix slashing in Custom fields values. Allow for the meta_key to be updated without changing meta_value. Use wpdb::insert in add_meta(). Fixes #12418

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/post.php

    r13453 r13489  
    598598
    599599        wp_cache_delete($post_ID, 'post_meta');
    600 
    601         $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
     600        $wpdb->insert( $wpdb->postmeta, array( 'post_id' => $post_ID, 'meta_key' => $metakey, 'meta_value' => $metavalue ) );
    602601        do_action( 'added_postmeta', $wpdb->insert_id, $post_ID, $metakey, $metavalue );
    603602
     
    691690 *
    692691 * @param unknown_type $meta_id
    693  * @param unknown_type $meta_key
    694  * @param unknown_type $meta_value
     692 * @param unknown_type $meta_key Expect Slashed
     693 * @param unknown_type $meta_value Expect Slashed
    695694 * @return unknown
    696695 */
     
    699698
    700699    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
     700
     701    $meta_key = stripslashes($meta_key);
    701702
    702703    if ( in_array($meta_key, $protected) )
Note: See TracChangeset for help on using the changeset viewer.