
Ticket #7768: 7768.diff

File 7768.diff, 2.3 KB (added by DD32, 16 years ago)
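--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -342,10 +342,9 @@
 
         $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
 
-        $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
-        $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
-        $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
-        $metavalue = $wpdb->escape( $metavalue );
+        $metakeyselect = stripslashes( trim( $_POST['metakeyselect'] ) );
+        $metakeyinput = stripslashes( trim( $_POST['metakeyinput'] ) );
+        $metavalue = maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) );
 
         if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
                 // We have a key/value pair. If both the select and the
@@ -362,9 +361,7 @@
 
                 wp_cache_delete($post_ID, 'post_meta');
 
-                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
-                        (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
-                        $post_ID, $metakey, $metavalue) );
+                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
                 return $wpdb->insert_id;
         }
         return false;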
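Review bot: The rewritten INSERT on new line 364 still binds `$post_ID` with `%s`, whereas the postmeta lookups in wp-includes/post.php on this same page bind post_id with `%d`. With the explicit `$wpdb->escape()` calls removed, `prepare()` is the only layer between the `$_POST` values and the query, so the id should be forced to an integer there: `VALUES (%d, %s, %s)", $post_ID, $metakey, $metavalue`. The function starts and continues outside both hunks, so it cannot be seen here whether `$post_ID` is cast earlier or whether `$metakey` is checked against `$protected` before the insert. A short comment above the three `$_POST` reads, such as `// Unslashed only; SQL escaping is left to $wpdb->prepare() below.`, would stop a later edit from re-adding `escape()` and double-escaping the stored values.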
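--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -519,6 +519,7 @@
 
         // expected_slashed ($meta_key)
         $meta_key = stripslashes($meta_key);
+        $meta_value = stripslashes($meta_value);
 
         if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
                 return false;
@@ -631,6 +632,7 @@
 
         // expected_slashed ($meta_key)
         $meta_key = stripslashes($meta_key);
+        $meta_value = stripslashes($meta_value);
 
         if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {
                 return add_post_meta($post_id, $meta_key, $meta_value);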
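Review bot: In the second hunk the value is unslashed on new line 635 and then passed to `add_post_meta($post_id, $meta_key, $meta_value)` on line 638, so it gets unslashed twice. The first hunk (presumably add_post_meta, given the `$unique` check) adds its own `stripslashes($meta_value)` on line 522, and a value that legitimately contains backslashes therefore loses one level on this insert-if-missing path. Moving the new `$meta_value = stripslashes($meta_value);` below the `if ( ! ... ) { return add_post_meta(...); }` block would confine the stripping to the update path. Separately, `stripslashes()` expects a string, and both functions continue outside the hunks, so it is worth confirming that array or object meta values cannot reach these lines before serialization, or guarding with `if ( is_string($meta_value) )`. The existing `// expected_slashed ($meta_key)` comments should also name `$meta_value` now that callers must pass it slashed.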