Changeset 23554 for trunk/wp-includes/post.php

Timestamp:

03/01/2013 04:28:40 PM (13 years ago)

Author:

ryan

Message:

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767

File:

• trunk/wp-includes/post.php (modified) (16 diffs)

trunk/wp-includes/post.php

@@ -1678 +1678 @@
  *
  * @param int $post_id Post ID.
- * @param string $meta_key Metadata name (expected slashed).
- * @param mixed $meta_value Metadata value (expected slashed).
+ * @param string $meta_key Metadata name.
+ * @param mixed $meta_value Metadata value.
  * @param bool $unique Optional, default is false. Whether the same key should not be added.
  * @return bool False for failure. True for success.
  */
-function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
-    //_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' );
-
-    // expected slashed
-    $meta_key = stripslashes( $meta_key );
-    $meta_value = stripslashes_deep( $meta_value );
-
-    return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique );
-}
-
-/**
- * Add meta data field to a post.
- *
- * Post meta data is called "Custom Fields" on the Administration Screen.
- *
- * @since 3.6.0
- * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
- *
- * @param int $post_id Post ID.
- * @param string $meta_key Metadata name (clean, slashes already stripped).
- * @param mixed $meta_value Metadata value (clean, slashes already stripped).
- * @param bool $unique Optional, default is false. Whether the same key should not be added.
- * @return bool False for failure. True for success.
- */
-function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
+function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
     // make sure meta is added to the post, not a revision
-    if ( $the_post = wp_is_post_revision( $post_id ) )
+    if ( $the_post = wp_is_post_revision($post_id) )
         $post_id = $the_post;
 
-    return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique );
+    return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
 }
 
@@ -1769 +1745 @@
  *
  * @param int $post_id Post ID.
- * @param string $meta_key Metadata key (expected slashed).
- * @param mixed $meta_value Metadata value (expected slashed).
+ * @param string $meta_key Metadata key.
+ * @param mixed $meta_value Metadata value.
  * @param mixed $prev_value Optional. Previous value to check before removing.
  * @return bool False on failure, true if success.
  */
-function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
-    //_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' );
-
-    // expected slashed
-    $meta_key = stripslashes( $meta_key );
-    $meta_value = stripslashes_deep( $meta_value );
-
-    return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value );
-}
-
-/**
- * Update post meta field based on post ID.
- *
- * Use the $prev_value parameter to differentiate between meta fields with the
- * same key and post ID.
- *
- * If the meta field for the post does not exist, it will be added.
- *
- * @since 3.6.0
- * @uses $wpdb
- * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
- *
- * @param int $post_id Post ID.
- * @param string $meta_key Metadata key (clean, slashes already stripped).
- * @param mixed $meta_value Metadata value (clean, slashes already stripped).
- * @param mixed $prev_value Optional. Previous value to check before removing.
- * @return bool False on failure, true if success.
- */
-function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
+function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
     // make sure meta is added to the post, not a revision
-    if ( $the_post = wp_is_post_revision( $post_id ) )
+    if ( $the_post = wp_is_post_revision($post_id) )
         $post_id = $the_post;
 
-    return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value );
+    return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
 }
 
@@ -2394 +2342 @@
     do_action('wp_trash_post', $post_id);
 
-    wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
-    wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
+    add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
+    add_post_meta($post_id,'_wp_trash_meta_time', time());
 
     $post['post_status'] = 'trash';
@@ -2471 +2419 @@
     foreach ( $comments as $comment )
         $statuses[$comment->comment_ID] = $comment->comment_approved;
-    wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
+    add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
 
     // Set status for all comments to post-trashed
@@ -2847 +2795 @@
     $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
 
+    // expected_slashed (everything!)
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
     $data = apply_filters('wp_insert_post_data', $data, $postarr);
+    $data = stripslashes_deep( $data );
     $where = array( 'ID' => $post_ID );
 
@@ -2861 +2811 @@
     } else {
         if ( isset($post_mime_type) )
-            $data['post_mime_type'] = $post_mime_type; // This isn't in the update
+            $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
         // If there is a suggested ID, use it if not already present
         if ( !empty($import_id) ) {
@@ -2922 +2872 @@
                 return 0;
         }
-        wp_update_post_meta($post_ID, '_wp_page_template',  $page_template);
+        update_post_meta($post_ID, '_wp_page_template',  $page_template);
     }
 
@@ -2955 +2905 @@
         // non-escaped post was passed
         $postarr = get_object_vars($postarr);
+        $postarr = add_magic_quotes($postarr);
     }
 
     // First, get all of the original fields
     $post = get_post($postarr['ID'], ARRAY_A);
+
+    // Escape data pulled from DB.
+    $post = add_magic_quotes($post);
 
     // Passed post category list overwrites existing category list if not empty.
@@ -3397 +3351 @@
         foreach( (array) $trackback_urls as $tb_url) {
             $tb_url = trim($tb_url);
-            trackback($tb_url, $post_title, $excerpt, $post_id);
+            trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
         }
     }
@@ -3740 +3694 @@
         $join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )";
 
+        // meta_key and meta_value might be slashed
+        $meta_key = stripslashes($meta_key);
+        $meta_value = stripslashes($meta_value);
         if ( ! empty( $meta_key ) )
             $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
@@ -3964 +3921 @@
         $post_name = sanitize_title($post_name);
 
+    // expected_slashed ($post_name)
     $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
 
@@ -4006 +3964 @@
         $pinged = '';
 
+    // expected_slashed (everything!)
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
+    $data = stripslashes_deep( $data );
 
     if ( $update ) {
@@ -4051 +4011 @@
 
     if ( ! empty( $context ) )
-        wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
+        add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
 
     if ( $update) {
@@ -4438 +4398 @@
     // if we haven't added this old slug before, add it now
     if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) )
-        wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
+        add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
 
     // if the new slug was used previously, delete it from the list
@@ -4855 +4815 @@
 
     if ( get_option('default_pingback_flag') )
-        wp_add_post_meta( $post_id, '_pingme', '1' );
-    wp_add_post_meta( $post_id, '_encloseme', '1' );
+        add_post_meta( $post_id, '_pingme', '1' );
+    add_post_meta( $post_id, '_encloseme', '1' );
 
     wp_schedule_single_event(time(), 'do_pings');
@@ -4934 +4894 @@
     if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) {
         if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) )
-            return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
+            return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
         else
             return delete_post_meta( $post->ID, '_thumbnail_id' );