Changeset 38699

Timestamp:

10/01/2016 06:27:27 AM (7 years ago)

Author:

peterwilsoncc

Message:

Meta: Improve ID casting when getting, updating or deleting meta data.

Blindly casting IDs to absolute integers in get_metadata_by_mid(), update_metadata_by_mid() and delete_metadata_by_mid() can cause unexpected behaviour when a floating or negative number is passed.

Fixes #37746.

Location:

trunk

Files:

• src/wp-includes/meta.php (modified) (3 diffs)
• tests/phpunit/tests/meta.php (modified) (1 diff)

trunk/src/wp-includes/meta.php

@@ -568 +568 @@
     global $wpdb;
 
-    if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
-        return false;
-    }
-
-    $meta_id = absint( $meta_id );
-    if ( ! $meta_id ) {
+    if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
+        return false;
+    }
+
+    $meta_id = intval( $meta_id );
+    if ( $meta_id <= 0 ) {
         return false;
     }
@@ -612 +612 @@
 
     // Make sure everything is valid.
-    if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
-        return false;
-    }
-
-    $meta_id = absint( $meta_id );
-    if ( ! $meta_id ) {
+    if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
+        return false;
+    }
+
+    $meta_id = intval( $meta_id );
+    if ( $meta_id <= 0 ) {
         return false;
     }
@@ -703 +703 @@
 
     // Make sure everything is valid.
-    if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
-        return false;
-    }
-
-    $meta_id = absint( $meta_id );
-    if ( ! $meta_id ) {
+    if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
+        return false;
+    }
+
+    $meta_id = intval( $meta_id );
+    if ( $meta_id <= 0 ) {
         return false;
     }

trunk/tests/phpunit/tests/meta.php

@@ -294 +294 @@
 
     /**
+     * @ticket 37746
+     */
+    function test_negative_meta_id() {
+        $negative_mid = $this->meta_id * -1;
+
+        $this->assertTrue( $negative_mid < 0 );
+        $this->assertFalse( get_metadata_by_mid( 'user', $negative_mid ) );
+        $this->assertFalse( update_metadata_by_mid( 'user', $negative_mid, 'meta_new_value' ) );
+        $this->assertFalse( delete_metadata_by_mid( 'user', $negative_mid ) );
+    }
+
+    /**
+     * @ticket 37746
+     */
+    function test_floating_meta_id() {
+        $floating_mid = $this->meta_id + 0.1337;
+
+        $this->assertTrue( floor( $floating_mid ) !== $floating_mid );
+        $this->assertFalse( get_metadata_by_mid( 'user', $floating_mid ) );
+        $this->assertFalse( update_metadata_by_mid( 'user', $floating_mid, 'meta_new_value' ) );
+        $this->assertFalse( delete_metadata_by_mid( 'user', $floating_mid ) );
+    }
+
+    /**
+     * @ticket 37746
+     */
+    function test_string_point_zero_meta_id() {
+        $meta_id = add_metadata( 'user', $this->author->ID, 'meta_key', 'meta_value_2' );
+
+        $string_mid = "{$meta_id}.0";
+
+        $this->assertTrue( floor( $string_mid ) == $string_mid );
+        $this->assertNotEquals( false, get_metadata_by_mid( 'user', $string_mid ) );
+        $this->assertNotEquals( false, update_metadata_by_mid( 'user', $string_mid, 'meta_new_value_2' ) );
+        $this->assertNotEquals( false, delete_metadata_by_mid( 'user', $string_mid ) );
+    }
+
+    /**
      * @ticket 15030
      */