Changeset 17994 for trunk/wp-includes/meta.php

Timestamp:

05/22/2011 11:19:42 PM (15 years ago)

Author:

ryan

Message:

Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.

File:

• trunk/wp-includes/meta.php (modified) (3 diffs)

trunk/wp-includes/meta.php

@@ -46 +46 @@
     $meta_key = stripslashes($meta_key);
     $meta_value = stripslashes_deep($meta_value);
+    $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
     $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@@ -114 +115 @@
     $meta_key = stripslashes($meta_key);
     $meta_value = stripslashes_deep($meta_value);
+    $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
     $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@@ -577 +579 @@
     return $wpdb->$table_name;
 }
+
+/**
+ * Determine whether a meta key is protected
+ *
+ * @since 3.2.0
+ *
+ * @param string $meta_key Meta key
+ * @return bool True if the key is protected, false otherwise.
+ */
+function is_protected_meta( $meta_key, $meta_type = null ) {
+    $protected = (  '_' == $meta_key[0] );
+
+    return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
+}
+
+/**
+ * Sanitize meta value
+ *
+ * @since 3.2.0
+ *
+ * @param string $meta_key Meta key
+ * @param mixed $meta_value Meta value to sanitize
+ * @param string $meta_type Type of meta
+ * @return mixed Sanitized $meta_value
+ */
+function sanitize_meta( $meta_key, $meta_value, $meta_type = null ) {
+    return apply_filters( 'sanitize_meta', $meta_value, $meta_key, $meta_type );
+}
+
 ?>