From bd86766a7233a823d790625f8488ba56839e91d7 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Tue, 8 Dec 2009 00:48:39 +0000 Subject: [PATCH] Use stripslashes_deep to strip meta values. Props JonathanRogers, Sewar. fixes #10656 git-svn-id: https://develop.svn.wordpress.org/trunk@12336 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/includes/post.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index e611287dc3..692dc58df7 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -559,7 +559,9 @@ function add_meta( $post_ID ) { $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : ''; $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : ''; - $metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) ) : ''; + $metavalue = isset($_POST['metavalue']) ? maybe_serialize( stripslashes_deep( $_POST['metavalue'] ) ) : ''; + if ( is_string($metavalue) ) + $metavalue = trim( $metavalue ); if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) { // We have a key/value pair. If both the select and the @@ -686,7 +688,7 @@ function update_meta( $meta_id, $meta_key, $meta_value ) { $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) ); wp_cache_delete($post_id, 'post_meta'); - $meta_value = maybe_serialize( stripslashes( $meta_value ) ); + $meta_value = maybe_serialize( stripslashes_deep( $meta_value ) ); $meta_id = (int) $meta_id; $data = compact( 'meta_key', 'meta_value' );