Navigation

Changeset 9116

Timestamp:

10/10/08 09:40:30 (2 months ago)

Author:

azaozz

Message:

Fix escaping of post meta, props DD32, fixes #7768

Files:

r9105	r9116
500	500	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
501	501
502		$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
503		$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
504		$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
505		$metavalue = $wpdb->escape( $metavalue );
	502	$metakeyselect = stripslashes( trim( $_POST['metakeyselect'] ) );
	503	$metakeyinput = stripslashes( trim( $_POST['metakeyinput'] ) );
	504	$metavalue = maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) );
506	505
507	506	if ( ('0' === $metavalue \|\| !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) \|\| !empty ( $metakeyinput) ) ) {
…	…
520	519	wp_cache_delete($post_ID, 'post_meta');
521	520
522		$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
523		(post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
524		$post_ID, $metakey, $metavalue) );
	521	$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
525	522	return $wpdb->insert_id;
526	523	}

r9106	r9116
520	520	// expected_slashed ($meta_key)
521	521	$meta_key = stripslashes($meta_key);
	522	$meta_value = stripslashes($meta_value);
522	523
523	524	if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
…	…
632	633	// expected_slashed ($meta_key)
633	634	$meta_key = stripslashes($meta_key);
	635	$meta_value = stripslashes($meta_value);
634	636
635	637	if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {