Make WordPress Core


Ignore:
Timestamp:
10/17/2018 08:09:33 PM (6 years ago)
Author:
kadamwhite
Message:

REST API: Slash existing meta values when comparing with incoming meta upates.

When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match.

props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs.
Fixes #42069.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

    r43510 r43740  
    296296        }
    297297
    298         $meta_key   = wp_slash( $meta_key );
    299         $meta_value = wp_slash( $value );
    300 
    301298        // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
    302299        $old_value = get_metadata( $meta_type, $object_id, $meta_key );
     300        $subtype   = get_object_subtype( $meta_type, $object_id );
    303301
    304302        if ( 1 === count( $old_value ) ) {
    305             if ( $old_value[0] === $meta_value ) {
     303            if ( (string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0] ) {
    306304                return true;
    307305            }
    308306        }
    309307
    310         if ( ! update_metadata( $meta_type, $object_id, $meta_key, $meta_value ) ) {
     308        if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
    311309            return new WP_Error(
    312310                'rest_meta_database_error',
Note: See TracChangeset for help on using the changeset viewer.