get_post_meta return incorrect data under certain circumstances

[markedwards]

If a post has a record in the postmeta table with a blank/empty meta_key name and get_post_meta is called using a blank meta_key or one that does not exist then get_post_meta might return the meta_value for a previously existing table record that has a blank meta_key name.

Example where this might happen: Developer A writes a plugin that mistakenly inserts post meta data without a key name (e.g. meta_key is blank). Developer B writes a plugin that mistakenly tries to get post meta data using a meta_key name that does not exist (whether accidentally, or intentionally to determine if a key exists). Under those circumstances Developer B's call to get_post_meta will return the meta_value having a blank meta_key name, as previously written to the database by Developer A.

To test this scenario inject a record for a given post ID into the table without a meta_key name (e.g. empty meta_key name) but WITH a meta value. Then called get_post_meta on the associated post ID using any meta_key name known not to be associated with the post ID. The return result will be the value associated with the record having the empty meta_key name.

The solution is to make sure that the functions get_post_meta, add_post_meta, delete_post_meta, and update_post_meta (in wp-includes/post.php) all check for a blank key name before taking any action and if the key is blank return accordingly per the function: return false for add_post_meta, delete_post_meta, and update_post_meta; and return empty for get_post_meta).

[markedwards]

Sorry, forgot to mention - this is the case on WP 2.6.2 and most likely previous versions.

[automattor]

(In [10711]) Check for empty meta keys. Props Denis-de-Bernardy, markedwards. fixes #7953