sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use *_metadata_by_mid() API in set_custom_fields(). Handle slashing when checking caps for key. see #18195 

git-svn-id: https://develop.svn.wordpress.org/trunk@18501 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2011-08-03 18:20:15 +00:00
parent dbb0b7c8d6
commit 7edcf1b07e
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/class-wp-xmlrpc-server.php
View File

@ -262,15 +262,17 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset($meta['id']) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
$meta['value'] = stripslashes_deep( $meta['value'] );
if ( isset($meta['key']) ) {
$meta['key'] = stripslashes( $meta['key'] );
if ( $meta['key'] != $pmeta->meta_key )
continue;
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
update_meta( $meta['id'], $meta['key'], $meta['value'] );
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_meta( $meta['id'] );
delete_metadata_by_mid( 'post', $meta['id'] );
}
} elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
} elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
add_post_meta( $post_id, $meta['key'], $meta['value'] );
}
}