#2591: TAKE_5.diff - WordPress Trac - Trac

wp-includes/post.php

old	new
229	229	}
230	230	}
231	231
232		$original = $value;
233		if ( is_array($value) \|\| is_object($value) )
234		$value = $wpdb->escape(serialize($value));
	232	$post_meta_cache[$post_id][$key][] = $value;
235	233
	234	$value = prepare_data($value);
	235	$value = $wpdb->escape($value);
	236
236	237	$wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
237	238
238		~~$post_meta_cache[$post_id][$key][] = $original;~~
239
240	239	return true;
241	240	}
242	241
…	…
311	310	$post_id = (int) $post_id;
312	311
313	312	$original_value = $value;
314		~~if ( is_array($value) \|\| is_object($value) )~~
315		~~$value = $wpdb->escape(serialize($value)~~);
	313	$value = prepare_data($value);
	314	$value = $wpdb->escape($value);
316	315
317	316	$original_prev = $prev_value;
318		~~if ( is_array($prev_value) \|\| is_object($prev_value) )~~
319		~~$prev_value = $wpdb->escape(serialize($prev_value)~~);
	317	$prev_value = prepare_data($prev_value);
	318	$prev_value = $wpdb->escape($prev_value);
320	319
321	320	if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
322	321	return false;

wp-includes/pluggable.php

old	new
78	78
79	79	if ($metavalues) {
80	80	foreach ( $metavalues as $meta ) {
81		@ $value = unserialize($meta->meta_value);
82		if ($value === FALSE)
83		$value = $meta->meta_value;
	81	$value = maybe_unserialize($meta->meta_value);
84	82	$user->{$meta->meta_key} = $value;
85	83
86	84	// We need to set user_level from meta, not row
…	…
131	129
132	130	if ($metavalues) {
133	131	foreach ( $metavalues as $meta ) {
134		@ $value = unserialize($meta->meta_value);
135		if ($value === FALSE)
136		$value = $meta->meta_value;
	132	$value = maybe_unserialize($meta->meta_value);
137	133	$user->{$meta->meta_key} = $value;
138	134
139	135	// We need to set user_level from meta, not row

wp-includes/functions.php

old	new
156	156	}
157	157
158	158	function maybe_unserialize($original) {
159		if ( ~~false !== $gm = @ unserialize($original) )~~
160		~~return $gm;~~
161		~~else~~
162		return $original;
	159	if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
	160	if ( false !== $gm = @ unserialize($original) )
	161	return $gm;
	162	return $original;
163	163	}
164	164
	165	function is_serialized($data) {
	166	if ( !is_string($data) ) // if it isn't a string, it isn't serialized
	167	return false;
	168	$data = trim($data);
	169	if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
	170	return true;
	171	return false;
	172	}
	173
	174	function is_serialized_string($data) {
	175	if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
	176	return false;
	177	$data = trim($data);
	178	if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
	179	return true;
	180	return false;
	181	}
	182
165	183	/* Options functions */
166	184
167	185	function get_option($setting) {
…	…
239	257	}
240	258
241	259	$_newvalue = $newvalue;
242		if ( is_array($newvalue) \|\| is_object($newvalue) )
243		$newvalue = serialize($newvalue);
	260	$newvalue = prepare_data($newvalue);
244	261
245	262	wp_cache_set($option_name, $newvalue, 'options');
246	263
…	…
262	279	if ( false !== get_option($name) )
263	280	return;
264	281
265		if ( is_array($value) \|\| is_object($value) )
266		$value = serialize($value);
	282	$value = prepare_data($value);
267	283
268	284	wp_cache_set($name, $value, 'options');
269	285
…	…
285	301	return true;
286	302	}
287	303
	304	function prepare_data($data) {
	305	if ( is_string($data) )
	306	$data = trim($data);
	307	elseif ( is_array($data) \|\| is_object($data) )
	308	return serialize($data);
	309	if ( is_serialized($data) )
	310	return serialize($data);
	311	return $data;
	312	}
	313
288	314	function gzip_compression() {
289	315	if ( !get_option('gzipcompression') ) return false;
290	316

wp-includes/user.php

old	new
114	114	return false;
115	115	$meta_key = preg_replace('\|[^a-z0-9_]\|i', '', $meta_key);
116	116
117		if ( is_array($meta_value) \|\| is_object($meta_value) )
118		$meta_value = serialize($meta_value);
119		$meta_value = trim( $meta_value );
	117	// FIXME: usermeta data is assumed to be already escaped
	118	$meta_value = stripslashes($meta_value);
	119	$meta_value = prepare_data($meta_value);
	120	$meta_value = $wpdb->escape($meta_value);
120	121
121	122	if (empty($meta_value)) {
122	123	return delete_usermeta($user_id, $meta_key);

wp-admin/wp-admin.css

old	new
445	445	width: 250px;
446	446	}
447	447
	448	input.disabled, textarea.disabled {
	449	background: #ccc;
	450	}
	451
448	452	#adminmenu {
449	453	background: #83B4D8;
450	454	border-top: 3px solid #448abd;

wp-admin/admin-functions.php

old	new
981	981	$style = '';
982	982	if ('_' == $entry['meta_key'] { 0 })
983	983	$style .= ' hidden';
	984
	985	if ( is_serialized($entry['meta_value']) ) {
	986	if ( 's' == $entry['meta_value']{0} ) {
	987	// this is a serialized string, so we should display it
	988	$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
	989	} else {
	990	// this is a serialized array/object so we should NOT display it
	991	--$count;
	992	continue;
	993	}
	994	}
	995
984	996	$key_js = js_escape($entry['meta_key']);
985	997	$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
986	998	$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
…	…
1056	1068
1057	1069	$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
1058	1070	$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
1059		$metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
	1071	$metavalue = prepare_data(stripslashes((trim($_POST['metavalue']))));
	1072	$metavalue = $wpdb->escape($metavalue);
1060	1073
1061	1074	if ( ('0' === $metavalue \|\| !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) \|\| !empty ($metakeyinput)) ) {
1062	1075	// We have a key/value pair. If both the select and the
…	…
1087	1100
1088	1101	function update_meta($mid, $mkey, $mvalue) {
1089	1102	global $wpdb;
	1103	if ( is_serialized(stripslashes($mvalue)) ) // $mvalue looks to be already serialized, so we should serialize it again to prevent the data from coming out in a different form than it came in
	1104	$mvalue = serialize($mvalue);
1090	1105	$mid = (int) $mid;
1091
1092	1106	return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
1093	1107	}
1094	1108

wp-admin/options.php

old	new
124	124	<table width="98%">
125	125	<?php
126	126	$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
127		~~foreach ( (array) $options as $option )~~
128		~~$options_to_update[] = $option->option_name;~~
129		~~$options_to_update = implode(',', $options_to_update);~~
130		?>
131	127
132		~~<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />~~
133
134		~~<?php~~
135	128	foreach ( (array) $options as $option) :
136		$value = wp_specialchars($option->option_value, 'single');
	129	$disabled = '';
	130	if ( is_serialized($option->option_value) ) {
	131	if ( 's' == $option->option_value{0} ) {
	132	// this is a serialized string, so we should display it
	133	$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
	134	$options_to_update[] = $option->option_name;
	135	$class = 'all-options';
	136	} else {
	137	$value = 'SERIALIZED DATA';
	138	$disabled = ' disabled="disabled"';
	139	$class = 'all-options disabled';
	140	}
	141	} else {
	142	$value = wp_specialchars($option->option_value, 'single');
	143	$options_to_update[] = $option->option_name;
	144	$class = 'all-options';
	145	}
137	146	echo "
138	147	<tr>
139	148	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
140	149	<td>";
141	150
142		if (stristr($value, "\n")) echo "<textarea class='~~all-option~~s' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
143		else echo "<input class='~~all-options' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'~~ />";
	151	if (stristr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
	152	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
144	153
145	154	echo "</td>
146	155	<td>$option->option_description</td>
…	…
148	157	endforeach;
149	158	?>
150	159	</table>
151		<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>
	160	<?php $options_to_update = implode(',', $options_to_update); ?>
	161	<p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>
152	162	</form>
153	163	</div>
154	164

Ticket #2591: TAKE_5.diff

wp-includes/post.php

wp-includes/pluggable.php

wp-includes/functions.php

wp-includes/user.php

wp-admin/wp-admin.css

wp-admin/admin-functions.php

wp-admin/options.php

Download in other formats: