WordPress.org

Make WordPress Core

Changeset 9129


Ignore:
Timestamp:
10/13/2008 02:48:45 AM (10 years ago)
Author:
azaozz
Message:

Fix stripslashes for post metadata, phpDoc updates for media.php, props jacobsantos, fixes #7871

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/media.php

    r9053 r9129  
    681681}
    682682
    683 // produce HTML for the image alignment radio buttons with the specified one checked
    684 /**
    685  * {@internal Missing Short Description}}
     683/**
     684 * Retrieve HTML for the image alignment radio buttons with the specified one checked.
    686685 *
    687686 * @since unknown
     
    707706}
    708707
    709 // produce HTML for the size radio buttons with the specified one checked
    710 /**
    711  * {@internal Missing Short Description}}
     708/**
     709 * Retrieve HTML for the size radio buttons with the specified one checked.
    712710 *
    713711 * @since unknown
     
    724722        foreach ( $size_names as $size => $name) {
    725723            $downsize = image_downsize($post->ID, $size);
    726            
     724
    727725            // is this size selectable?
    728726            $enabled = ( $downsize[3] || 'full' == $size );
     
    754752}
    755753
    756 // produce HTML for the Link URL buttons with the default link type as specified
    757 /**
    758  * {@internal Missing Short Description}}
     754/**
     755 * Retrieve HTML for the Link URL buttons with the default link type as specified.
    759756 *
    760757 * @since unknown
     
    961958
    962959/**
    963  * {@internal Missing Short Description}}
    964  *
    965  * @since unknown
    966  *
    967  * @param unknown_type $post_id
    968  * @param unknown_type $errors
    969  * @return unknown
     960 * Retrieve HTML for media items of post gallery.
     961 *
     962 * The HTML markup retrieved will be created for the progress of SWF Upload
     963 * component. Will also create link for showing and hiding the form to modify
     964 * the image attachment.
     965 *
     966 * @since unknown
     967 *
     968 * @param int $post_id Optional. Post ID.
     969 * @param array $errors Errors for attachment, if any.
     970 * @return string
    970971 */
    971972function get_media_items( $post_id, $errors ) {
     
    993994
    994995/**
    995  * {@internal Missing Short Description}}
    996  *
    997  * @since unknown
    998  *
    999  * @param unknown_type $attachment_id
    1000  * @param unknown_type $args
    1001  * @return unknown
     996 * Retrieve HTML form for modifying the image attachment.
     997 *
     998 * @since unknown
     999 *
     1000 * @param int $attachment_id Attachment ID for modification.
     1001 * @param string|array $args Optional. Override defaults.
     1002 * @return string HTML form for attachment.
    10021003 */
    10031004function get_media_item( $attachment_id, $args = null ) {
     
    18041805}
    18051806
    1806 // support a GET parameter for disabling the flash uploader
    1807 /**
    1808  * {@internal Missing Short Description}}
     1807/**
     1808 * {@internal Missing Short Description}}
     1809 *
     1810 * Support a GET parameter for disabling the flash uploader.
    18091811 *
    18101812 * @since unknown
     
    18541856add_action('post-html-upload-ui', 'media_upload_html_bypass');
    18551857
    1856 // make sure the GET parameter sticks when we submit a form
    1857 /**
    1858  * {@internal Missing Short Description}}
     1858/**
     1859 * {@internal Missing Short Description}}
     1860 *
     1861 * Make sure the GET parameter sticks when we submit a form.
    18591862 *
    18601863 * @since unknown
  • trunk/wp-includes/post.php

    r9123 r9129  
    520520    // expected_slashed ($meta_key)
    521521    $meta_key = stripslashes($meta_key);
    522     $meta_value = stripslashes($meta_value);
    523522
    524523    if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
    525524        return false;
    526525
    527     $meta_value = maybe_serialize($meta_value);
     526    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
    528527
    529528    $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) );
     
    546545 *
    547546 * @param int $post_id post ID
    548  * @param string $key Metadata name.
    549  * @param mixed $value Optional. Metadata value.
     547 * @param string $meta_key Metadata name.
     548 * @param mixed $meta_value Optional. Metadata value.
    550549 * @return bool False for failure. True for success.
    551550 */
    552 function delete_post_meta($post_id, $key, $value = '') {
     551function delete_post_meta($post_id, $meta_key, $meta_value = '') {
    553552    global $wpdb;
    554553
    555554    $post_id = absint( $post_id );
    556555
    557     // expected_slashed ($key, $value)
    558     $key = stripslashes( $key );
    559     $value = stripslashes( $value );
    560 
    561     if ( empty( $value ) )
    562         $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
     556    // expected_slashed ($meta_key, $meta_value)
     557    $meta_key = stripslashes( $meta_key );
     558    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
     559
     560    if ( empty( $meta_value ) )
     561        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
    563562    else
    564         $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
     563        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
    565564
    566565    if ( !$meta_id )
    567566        return false;
    568567
    569     if ( empty( $value ) )
    570         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
     568    if ( empty( $meta_value ) )
     569        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
    571570    else
    572         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
     571        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
    573572
    574573    wp_cache_delete($post_id, 'post_meta');
     
    633632    // expected_slashed ($meta_key)
    634633    $meta_key = stripslashes($meta_key);
    635     $meta_value = stripslashes($meta_value);
    636634
    637635    if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {
     
    639637    }
    640638
    641     $meta_value = maybe_serialize($meta_value);
     639    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
    642640
    643641    $data  = compact( 'meta_value' );
Note: See TracChangeset for help on using the changeset viewer.