Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#37746 closed defect (bug) (fixed)

Replace `absint( $meta_id)` check in `delete_metadata_by_mid`, etc

Reported by: peterwilsoncc Owned by: peterwilsoncc
Milestone: 4.7 Priority: normal
Severity: normal Version: 4.0
Component: Options, Meta APIs Keywords: has-patch has-unit-tests
Focuses: Cc:


Absint is run on the meta ID when deleting meta data, so calling delete_metadata_by_mid( 'user', -10 ) actually results in delete_metadata_by_mid( 'user', 10 ).

This is close but not close enough, instead the function can check it's a positive integer and fail if not.

Same applies to:

  • update_metadata_by_mid
  • get_metadata_by_mid

This will affect the related functions for particular meta types.

Attachments (2)

37746.diff (1.6 KB) - added by peterwilsoncc 5 years ago.
37746.2.diff (3.1 KB) - added by peterwilsoncc 5 years ago.

Download all attachments as: .zip

Change History (7)

5 years ago

#1 @peterwilsoncc
5 years ago

  • Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
  • Version set to 4.0

In 37746.diff:

  • replace absint with intval
  • return false if $meta_id is zero or lower.

#3 @peterwilsoncc
5 years ago

  • Milestone changed from Awaiting Review to 4.7

Milestoning this to join the related tickets mentioned above.

#4 @peterwilsoncc
5 years ago

In 37746.2.diff:

  • fail on negative numbers
  • fail on floats
  • get_metadata_by_mid( "1.0" ) is accepted

#5 @peterwilsoncc
5 years ago

  • Owner set to peterwilsoncc
  • Resolution set to fixed
  • Status changed from new to closed

In 38699:

Meta: Improve ID casting when getting, updating or deleting meta data.

Blindly casting IDs to absolute integers in get_metadata_by_mid(), update_metadata_by_mid() and delete_metadata_by_mid() can cause unexpected behaviour when a floating or negative number is passed.

Fixes #37746.

Note: See TracTickets for help on using tickets.