Changeset 18449
- Timestamp:
- 07/21/2011 07:32:12 PM (13 years ago)
- Location:
- trunk/wp-admin
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/admin-ajax.php
r18445 r18449 870 870 if ( !$meta = get_post_meta_by_id( $mid ) ) 871 871 die('0'); // if meta doesn't exist 872 if ( is_protected_meta( $meta->meta_key, 'post' ) || !current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ) 872 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 873 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 874 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) 873 875 die('-1'); 874 876 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { -
trunk/wp-admin/includes/post.php
r18445 r18449 668 668 $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : ''; 669 669 $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : ''; 670 $metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes_deep( $_POST['metavalue'] ) ): '';671 if ( is_string( $metavalue) )670 $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; 671 if ( is_string( $metavalue ) ) 672 672 $metavalue = trim( $metavalue ); 673 673 674 if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( (('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {674 if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) { 675 675 // We have a key/value pair. If both the select and the 676 676 // input for the key have data, the input takes precedence: 677 677 678 if ( '#NONE#' != $metakeyselect)678 if ( '#NONE#' != $metakeyselect ) 679 679 $metakey = $metakeyselect; 680 680 681 if ( $metakeyinput )681 if ( $metakeyinput ) 682 682 $metakey = $metakeyinput; // default 683 683 … … 685 685 return false; 686 686 687 return add_post_meta($post_ID, $metakey, $metavalue); 687 $metakey = esc_sql( $metakey ); 688 689 return add_post_meta( $post_ID, $metakey, $metavalue ); 688 690 } 689 691
Note: See TracChangeset
for help on using the changeset viewer.