Make WordPress Core


Ignore:
Timestamp:
12/13/2018 04:29:57 PM (6 years ago)
Author:
desrosj
Message:

REST API: Slash existing meta values when comparing with incoming meta upates.

When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match.

props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs, kadamwhite.

Merges [43740] to trunk.

Fixes #42069.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php

    r43571 r44113  
    318318        }
    319319
    320         $meta_key   = wp_slash( $meta_key );
    321         $meta_value = wp_slash( $value );
    322 
    323320        // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
    324321        $old_value = get_metadata( $meta_type, $object_id, $meta_key );
     322        $subtype   = get_object_subtype( $meta_type, $object_id );
    325323
    326324        if ( 1 === count( $old_value ) ) {
    327             if ( $old_value[0] === $meta_value ) {
     325            if ( (string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0] ) {
    328326                return true;
    329327            }
    330328        }
    331329
    332         if ( ! update_metadata( $meta_type, $object_id, $meta_key, $meta_value ) ) {
     330        if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
    333331            return new WP_Error(
    334332                'rest_meta_database_error',
Note: See TracChangeset for help on using the changeset viewer.