Changeset 5737

Timestamp:

06/20/07 19:21:08 (1 year ago)

Author:

markjaquith

Message:

Prevent editing of protected meta keys for 2.0.x

Files:

• branches/2.0/wp-admin/admin-functions.php (modified) (3 diffs)

branches/2.0/wp-admin/admin-functions.php

@@ -939 +939 @@
-    $post_ID = (int) $post_ID;
-
+    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
-    $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
-    $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
@@ -953 +955 @@
-        if ($metakeyinput)
-            $metakey = $metakeyinput; // default
+
+        if ( in_array($metakey, $protected) )
+            return false;
-
-        $result = $wpdb->query("
@@ -971 +976 @@
-function update_meta($mid, $mkey, $mvalue) {
-    global $wpdb;
+
+    $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+    if ( in_array($mkey, $protected) )
+        return false;
+
-    $mvalue = maybe_serialize(stripslashes($mvalue));
-    $mvalue = $wpdb->escape($mvalue);