Changeset 29421
- Timestamp:
- 08/06/2014 10:07:42 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/meta.php
r29339 r29421 28 28 */ 29 29 function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) { 30 if ( !$meta_type || !$meta_key )31 return false;32 33 if ( !$object_id = absint($object_id) )34 return false;35 36 if ( ! $table = _get_meta_table($meta_type) )37 return false;38 39 30 global $wpdb; 31 32 if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { 33 return false; 34 } 35 36 $object_id = absint( $object_id ); 37 if ( ! $object_id ) { 38 return false; 39 } 40 41 $table = _get_meta_table( $meta_type ); 42 if ( ! $table ) { 43 return false; 44 } 40 45 41 46 $column = sanitize_key($meta_type . '_id'); … … 135 140 */ 136 141 function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') { 137 if ( !$meta_type || !$meta_key )138 return false;139 140 if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {141 return false;142 }143 144 if ( ! $table = _get_meta_table($meta_type) )145 return false;146 147 142 global $wpdb; 143 144 if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { 145 return false; 146 } 147 148 $object_id = absint( $object_id ); 149 if ( ! $object_id ) { 150 return false; 151 } 152 153 $table = _get_meta_table( $meta_type ); 154 if ( ! $table ) { 155 return false; 156 } 148 157 149 158 $column = sanitize_key($meta_type . '_id'); … … 283 292 */ 284 293 function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) { 285 if ( !$meta_type || !$meta_key )286 return false;287 288 if ( (!$object_id = absint($object_id)) && !$delete_all )289 return false;290 291 if ( ! $table = _get_meta_table($meta_type) )292 return false;293 294 294 global $wpdb; 295 296 if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) { 297 return false; 298 } 299 300 $object_id = absint( $object_id ); 301 if ( ! $object_id && ! $delete_all ) { 302 return false; 303 } 304 305 $table = _get_meta_table( $meta_type ); 306 if ( ! $table ) { 307 return false; 308 } 295 309 296 310 $type_column = sanitize_key($meta_type . '_id'); … … 425 439 */ 426 440 function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) { 427 if ( !$meta_type ) 428 return false; 429 430 if ( !$object_id = absint($object_id) ) 431 return false; 441 if ( ! $meta_type || ! is_numeric( $object_id ) ) { 442 return false; 443 } 444 445 $object_id = absint( $object_id ); 446 if ( ! $object_id ) { 447 return false; 448 } 432 449 433 450 /** … … 489 506 */ 490 507 function metadata_exists( $meta_type, $object_id, $meta_key ) { 491 if ( ! $meta_type ) 492 return false; 493 494 if ( ! $object_id = absint( $object_id ) ) 495 return false; 508 if ( ! $meta_type || ! is_numeric( $object_id ) ) { 509 return false; 510 } 511 512 $object_id = absint( $object_id ); 513 if ( ! $object_id ) { 514 return false; 515 } 496 516 497 517 /** This filter is documented in wp-includes/meta.php */ … … 525 545 global $wpdb; 526 546 527 if ( ! $meta_type ) 528 return false; 529 530 if ( !$meta_id = absint( $meta_id ) ) 531 return false; 532 533 if ( ! $table = _get_meta_table($meta_type) ) 534 return false; 547 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 548 return false; 549 } 550 551 $meta_id = absint( $meta_id ); 552 if ( ! $meta_id ) { 553 return false; 554 } 555 556 $table = _get_meta_table( $meta_type ); 557 if ( ! $table ) { 558 return false; 559 } 535 560 536 561 $id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id'; … … 565 590 566 591 // Make sure everything is valid. 567 if ( ! $meta_type ) 568 return false; 569 570 if ( ! $meta_id = absint( $meta_id ) ) 571 return false; 572 573 if ( ! $table = _get_meta_table( $meta_type ) ) 574 return false; 592 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 593 return false; 594 } 595 596 $meta_id = absint( $meta_id ); 597 if ( ! $meta_id ) { 598 return false; 599 } 600 601 $table = _get_meta_table( $meta_type ); 602 if ( ! $table ) { 603 return false; 604 } 575 605 576 606 $column = sanitize_key($meta_type . '_id'); … … 652 682 653 683 // Make sure everything is valid. 654 if ( ! $meta_type ) 655 return false; 656 657 if ( ! $meta_id = absint( $meta_id ) ) 658 return false; 659 660 if ( ! $table = _get_meta_table( $meta_type ) ) 661 return false; 684 if ( ! $meta_type || ! is_numeric( $meta_id ) ) { 685 return false; 686 } 687 688 $meta_id = absint( $meta_id ); 689 if ( ! $meta_id ) { 690 return false; 691 } 692 693 $table = _get_meta_table( $meta_type ); 694 if ( ! $table ) { 695 return false; 696 } 662 697 663 698 // object and id columns … … 730 765 */ 731 766 function update_meta_cache($meta_type, $object_ids) { 732 if ( empty( $meta_type ) || empty( $object_ids ) ) 733 return false; 734 735 if ( ! $table = _get_meta_table($meta_type) ) 736 return false; 767 global $wpdb; 768 769 if ( ! $meta_type || ! $object_ids ) { 770 return false; 771 } 772 773 $table = _get_meta_table( $meta_type ); 774 if ( ! $table ) { 775 return false; 776 } 737 777 738 778 $column = sanitize_key($meta_type . '_id'); 739 740 global $wpdb;741 779 742 780 if ( !is_array($object_ids) ) { -
trunk/tests/phpunit/tests/meta.php
r28659 r29421 237 237 $this->assertEquals( wp_list_pluck( $posts, 'post_title' ), wp_list_pluck( $posts2, 'post_title' ) ); 238 238 } 239 240 /** 241 * @ticket 28315 242 */ 243 function test_non_numeric_object_id() { 244 $this->assertFalse( add_metadata( 'user', array( 1 ), 'meta_key', 'meta_value' ) ); 245 $this->assertFalse( update_metadata( 'user', array( 1 ), 'meta_key', 'meta_new_value' ) ); 246 $this->assertFalse( delete_metadata( 'user', array( 1 ), 'meta_key' ) ); 247 $this->assertFalse( get_metadata( 'user', array( 1 ) ) ); 248 $this->assertFalse( metadata_exists( 'user', array( 1 ), 'meta_key' ) ); 249 } 250 251 /** 252 * @ticket 28315 253 */ 254 function test_non_numeric_meta_id() { 255 $this->assertFalse( get_metadata_by_mid( 'user', array( 1 ) ) ); 256 $this->assertFalse( update_metadata_by_mid( 'user', array( 1 ), 'meta_new_value' ) ); 257 $this->assertFalse( delete_metadata_by_mid( 'user', array( 1 ) ) ); 258 } 239 259 }
Note: See TracChangeset
for help on using the changeset viewer.