diff --git a/src/wp-includes/meta.php b/src/wp-includes/meta.php
index e1c1f92e48..fe144fcda6 100644
--- a/src/wp-includes/meta.php
+++ b/src/wp-includes/meta.php
@@ -1159,7 +1159,8 @@ function _get_meta_table( $type ) {
 * @return bool Whether the meta key is considered protected.
 */
 function is_protected_meta( $meta_key, $meta_type = '' ) {
- $protected = ( '_' === $meta_key[0] );
+ $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
+ $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
 /**
 * Filters whether a meta key is considered protected.
diff --git a/tests/phpunit/tests/meta/isProtectedMeta.php b/tests/phpunit/tests/meta/isProtectedMeta.php
new file mode 100644
index 0000000000..c204d381f5
--- /dev/null
+++ b/tests/phpunit/tests/meta/isProtectedMeta.php
@@ -0,0 +1,55 @@
+assertTrue( is_protected_meta( $key ) );
+ }
+
+ public function protected_data() {
+ $protected_keys = array(
+ array( '_wp_attachment' ),
+ );
+ for ( $i = 0, $max = 31; $i < $max; $i ++ ) {
+ $protected_keys[] = array( chr( $i ) . '_wp_attachment' );
+ }
+ for ( $i = 127, $max = 159; $i <= $max; $i ++ ) {
+ $protected_keys[] = array( chr( $i ) . '_wp_attachment' );
+ }
+ $protected_keys[] = array( chr( 95 ) . '_wp_attachment' );
+
+ return $protected_keys;
+ }
+
+ /**
+ * @dataProvider unprotected_data
+ */
+ public function test_unprotected( $key ) {
+ $this->assertFalse( is_protected_meta( $key ) );
+ }
+
+ public function unprotected_data() {
+ $unprotected_keys = array(
+ array( 'singleword' ),
+ array( 'two_words' ),
+ array( 'ąŌ_not_so_protected_meta' ),
+ );
+
+ for ( $i = 32, $max = 94; $i <= $max; $i ++ ) {
+ $unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
+ }
+ for ( $i = 96, $max = 126; $i <= $max; $i ++ ) {
+ $unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
+ }
+
+ return $unprotected_keys;
+ }
+
+}
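Review bot: The pattern on the new `$sanitized_key` line has no `u` modifier, so `\p{L}` is evaluated byte by byte instead of per UTF-8 character; a multibyte prefix is then kept or stripped depending on how its individual bytes classify, and the protected decision for non-ASCII keys no longer follows the characters the key actually contains. `preg_replace()` also returns `null` on a PCRE error, and that value falls through `strlen()` to `$protected = false`, so a failed match is treated as unprotected. If Unicode-aware matching is intended, add `u` and fail closed, e.g. `$protected = null === $sanitized_key || ( '' !== $sanitized_key && '_' === $sanitized_key[0] );`; with `u`, lone bytes 0x80–0x9F such as the new tests supply are invalid UTF-8 and would take that `null` path. A short comment above the pattern saying why non-printable characters are stripped before the underscore test would also help. The body of is_protected_meta continues outside the hunk.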
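Review bot: The first loop in `protected_data()` uses `$i < $max` with `$max = 31`, so `chr( 31 )` is never exercised, while every other loop in the file uses `<=`; `for ( $i = 0, $max = 31; $i <= $max; $i ++ ) {` would cover the full control range. There are also no cases for an empty key or for a key made only of stripped bytes (for example `chr( 0 )`), which are the inputs the new `strlen()` guard handles; with the code as written both evaluate to unprotected, and a test should pin that. The opening of the test class is not visible on this page, so this covers only the providers and test methods shown.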