Meta: Sanitize meta key before checking protection status.
Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/branches/5.5@49378 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
59414965b5
commit
9ece9cf045
@ -1159,7 +1159,8 @@ function _get_meta_table( $type ) {
|
|||||||
* @return bool Whether the meta key is considered protected.
|
* @return bool Whether the meta key is considered protected.
|
||||||
*/
|
*/
|
||||||
function is_protected_meta( $meta_key, $meta_type = '' ) {
|
function is_protected_meta( $meta_key, $meta_type = '' ) {
|
||||||
$protected = ( '_' === $meta_key[0] );
|
$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
|
||||||
|
$protected = strlen( $sanitized_key ) > 0 && ( '_' == $sanitized_key[0] );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters whether a meta key is considered protected.
|
* Filters whether a meta key is considered protected.
|
||||||
|
55
tests/phpunit/tests/meta/isProtectedMeta.php
Normal file
55
tests/phpunit/tests/meta/isProtectedMeta.php
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group meta
|
||||||
|
* @covers ::is_protected_meta
|
||||||
|
*/
|
||||||
|
class Tests_Meta_isProtectedMeta extends WP_UnitTestCase {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider protected_data
|
||||||
|
*/
|
||||||
|
public function test_protected( $key ) {
|
||||||
|
$this->assertTrue( is_protected_meta( $key ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
public function protected_data() {
|
||||||
|
$protected_keys = array(
|
||||||
|
array( '_wp_attachment' ),
|
||||||
|
);
|
||||||
|
for ( $i = 0, $max = 31; $i < $max; $i ++ ) {
|
||||||
|
$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
|
||||||
|
}
|
||||||
|
for ( $i = 127, $max = 159; $i <= $max; $i ++ ) {
|
||||||
|
$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
|
||||||
|
}
|
||||||
|
$protected_keys[] = array( chr( 95 ) . '_wp_attachment' );
|
||||||
|
|
||||||
|
return $protected_keys;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider unprotected_data
|
||||||
|
*/
|
||||||
|
public function test_unprotected( $key ) {
|
||||||
|
$this->assertFalse( is_protected_meta( $key ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
public function unprotected_data() {
|
||||||
|
$unprotected_keys = array(
|
||||||
|
array( 'singleword' ),
|
||||||
|
array( 'two_words' ),
|
||||||
|
array( 'ąŌ_not_so_protected_meta' ),
|
||||||
|
);
|
||||||
|
|
||||||
|
for ( $i = 32, $max = 94; $i <= $max; $i ++ ) {
|
||||||
|
$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
|
||||||
|
}
|
||||||
|
for ( $i = 96, $max = 126; $i <= $max; $i ++ ) {
|
||||||
|
$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
|
||||||
|
}
|
||||||
|
|
||||||
|
return $unprotected_keys;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user