Meta: Sanitize meta key before checking protection status.

Props zieladam, peterwilsoncc, xknown, whyisjake.



git-svn-id: https://develop.svn.wordpress.org/branches/5.5@49378 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock 2020-10-29 17:31:40 +00:00
parent 59414965b5
commit 9ece9cf045
2 changed files with 57 additions and 1 deletions

View File

@ -1159,7 +1159,8 @@ function _get_meta_table( $type ) {
* @return bool Whether the meta key is considered protected. * @return bool Whether the meta key is considered protected.
*/ */
function is_protected_meta( $meta_key, $meta_type = '' ) { function is_protected_meta( $meta_key, $meta_type = '' ) {
$protected = ( '_' === $meta_key[0] ); $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
$protected = strlen( $sanitized_key ) > 0 && ( '_' == $sanitized_key[0] );
/** /**
* Filters whether a meta key is considered protected. * Filters whether a meta key is considered protected.

View File

@ -0,0 +1,55 @@
<?php
/**
* @group meta
* @covers ::is_protected_meta
*/
class Tests_Meta_isProtectedMeta extends WP_UnitTestCase {
/**
* @dataProvider protected_data
*/
public function test_protected( $key ) {
$this->assertTrue( is_protected_meta( $key ) );
}
public function protected_data() {
$protected_keys = array(
array( '_wp_attachment' ),
);
for ( $i = 0, $max = 31; $i < $max; $i ++ ) {
$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
}
for ( $i = 127, $max = 159; $i <= $max; $i ++ ) {
$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
}
$protected_keys[] = array( chr( 95 ) . '_wp_attachment' );
return $protected_keys;
}
/**
* @dataProvider unprotected_data
*/
public function test_unprotected( $key ) {
$this->assertFalse( is_protected_meta( $key ) );
}
public function unprotected_data() {
$unprotected_keys = array(
array( 'singleword' ),
array( 'two_words' ),
array( 'ąŌ_not_so_protected_meta' ),
);
for ( $i = 32, $max = 94; $i <= $max; $i ++ ) {
$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
}
for ( $i = 96, $max = 126; $i <= $max; $i ++ ) {
$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
}
return $unprotected_keys;
}
}