From d37de180e1adb134b0dfdacd2cecb0120d03a587 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Tue, 23 Feb 2010 22:42:54 +0000
Subject: [PATCH] Validate $object_id in *_metadata() functions. Props scribu
 fixes #11841

git-svn-id: https://develop.svn.wordpress.org/trunk@13347 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/meta.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/wp-includes/meta.php b/wp-includes/meta.php
index 6f6f95c04e..48d7dd7e5e 100644
--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@@ -32,6 +32,9 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
 	if ( !$meta_type || !$meta_key )
 		return false;
 
+	if ( !$object_id = absint($object_id) )
+		return false;
+
 	if ( ! $table = _get_meta_table($meta_type) )
 		return false;
 
@@ -85,6 +88,9 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
 	if ( !$meta_type || !$meta_key )
 		return false;
 
+	if ( !$object_id = absint($object_id) )
+		return false;
+
 	if ( ! $table = _get_meta_table($meta_type) )
 		return false;
 
@@ -138,7 +144,10 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
  * @return bool True on successful delete, false on failure.
  */
 function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) {
-	if ( !$meta_type || !$meta_key || (!$delete_all && ! (int)$object_id) )
+	if ( !$meta_type || !$meta_key )
+		return false;
+
+	if ( !$object_id = absint($object_id) && !$delete_all )
 		return false;
 
 	if ( ! $table = _get_meta_table($meta_type) )
@@ -195,6 +204,9 @@ function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
 	if ( !$meta_type )
 		return false;
 
+	if ( !$object_id = absint($object_id) )
+		return false;
+
 	$meta_cache = wp_cache_get($object_id, $meta_type . '_meta');
 
 	if ( !$meta_cache ) {