sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Prevent editing of protected meta keys.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@5723 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2007-06-18 16:28:11 +00:00
parent df299289fe
commit 5cfd6c7543
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/includes/post.php
View File

@ -336,6 +336,8 @@ function add_meta( $post_ID ) {
global $wpdb; global $wpdb;
$post_ID = (int) $post_ID; $post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) ); $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) ); $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) )); $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@ -351,6 +353,9 @@ function add_meta( $post_ID ) {
if ( $metakeyinput) if ( $metakeyinput)
$metakey = $metakeyinput; // default $metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
$result = $wpdb->query( " $result = $wpdb->query( "
INSERT INTO $wpdb->postmeta INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value ) (post_id,meta_key,meta_value )
@ -405,6 +410,12 @@ function has_meta( $postid ) {
function update_meta( $mid, $mkey, $mvalue ) { function update_meta( $mid, $mkey, $mvalue ) {
global $wpdb; global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
if ( in_array($mkey, $protected) )
return false;
$mvalue = maybe_serialize( stripslashes( $mvalue )); $mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue ); $mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid; $mid = (int) $mid;