Changeset 9129 for trunk/wp-includes/post.php

Timestamp:

10/13/2008 02:48:45 AM (17 years ago)

Author:

azaozz

Message:

Fix stripslashes for post metadata, phpDoc updates for media.php, props jacobsantos, fixes #7871

File:

• trunk/wp-includes/post.php (modified) (4 diffs)

trunk/wp-includes/post.php

@@ -520 +520 @@
     // expected_slashed ($meta_key)
     $meta_key = stripslashes($meta_key);
-    $meta_value = stripslashes($meta_value);
 
     if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
         return false;
 
-    $meta_value = maybe_serialize($meta_value);
+    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
 
     $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) );
@@ -546 +545 @@
  *
  * @param int $post_id post ID
- * @param string $key Metadata name.
- * @param mixed $value Optional. Metadata value.
+ * @param string $meta_key Metadata name.
+ * @param mixed $meta_value Optional. Metadata value.
  * @return bool False for failure. True for success.
  */
-function delete_post_meta($post_id, $key, $value = '') {
+function delete_post_meta($post_id, $meta_key, $meta_value = '') {
     global $wpdb;
 
     $post_id = absint( $post_id );
 
-    // expected_slashed ($key, $value)
-    $key = stripslashes( $key );
-    $value = stripslashes( $value );
-
-    if ( empty( $value ) )
-        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
+    // expected_slashed ($meta_key, $meta_value)
+    $meta_key = stripslashes( $meta_key );
+    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
+
+    if ( empty( $meta_value ) )
+        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
     else
-        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
+        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
 
     if ( !$meta_id )
         return false;
 
-    if ( empty( $value ) )
-        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
+    if ( empty( $meta_value ) )
+        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
     else
-        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
+        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
 
     wp_cache_delete($post_id, 'post_meta');
@@ -633 +632 @@
     // expected_slashed ($meta_key)
     $meta_key = stripslashes($meta_key);
-    $meta_value = stripslashes($meta_value);
 
     if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {
@@ -639 +637 @@
     }
 
-    $meta_value = maybe_serialize($meta_value);
+    $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
 
     $data  = compact( 'meta_value' );