From fe0ba53c44bc68462948856a1b05cd017d34ffb5 Mon Sep 17 00:00:00 2001
From: Peter Wilson
Date: Sat, 1 Oct 2016 06:27:27 +0000
Subject: [PATCH] Meta: Improve ID casting when getting, updating or deleting meta data.
Blindly casting IDs to absolute integers in `get_metadata_by_mid()`, `update_metadata_by_mid()` and `delete_metadata_by_mid()` can cause unexpected behaviour when a floating or negative number is passed.
Fixes #37746.
git-svn-id: https://develop.svn.wordpress.org/trunk@38699 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/meta.php | 18 ++++++++---------
 tests/phpunit/tests/meta.php | 38 ++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/src/wp-includes/meta.php b/src/wp-includes/meta.php
index 8833d3e987..b7ea2af9f4 100644
--- a/src/wp-includes/meta.php
+++ b/src/wp-includes/meta.php
@@ -567,12 +567,12 @@ function metadata_exists( $meta_type, $object_id, $meta_key ) {
 function get_metadata_by_mid( $meta_type, $meta_id ) {
 global $wpdb;
- if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
+ if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
 return false;
 }
- $meta_id = absint( $meta_id );
- if ( ! $meta_id ) {
+ $meta_id = intval( $meta_id );
+ if ( $meta_id <= 0 ) {
 return false;
 }
@@ -611,12 +611,12 @@ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key =
 global $wpdb;
 // Make sure everything is valid.
- if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
+ if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
 return false;
 }
- $meta_id = absint( $meta_id );
- if ( ! $meta_id ) {
+ $meta_id = intval( $meta_id );
+ if ( $meta_id <= 0 ) {
 return false;
 }
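Review bot: The integrality guard and the cast in get_metadata_by_mid() can disagree about the ID, because `floor( $meta_id ) != $meta_id` evaluates the input as a float while `intval( $meta_id )` two changed lines later converts the original value. An exponent-notation string such as the constructed sample `'1e3'` passes `is_numeric()` and the floor comparison as 1000, yet `intval()` yields 1 for it on PHP releases before 7.1, and a whole-number float above `PHP_INT_MAX` passes the guard although its integer conversion is documented as undefined, so the function could act on a row other than the one the caller named. Comparing the cast result back to the input closes the gap: `$mid = intval( $meta_id );`, then `if ( $mid <= 0 || $mid != $meta_id ) {` for the early return, then `$meta_id = $mid;`. The same two lines are added in the update_metadata_by_mid() and delete_metadata_by_mid() hunks, where a mismatched ID would modify or remove the wrong meta row; all three function bodies continue outside their hunks.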
@@ -702,12 +702,12 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
 global $wpdb;
 // Make sure everything is valid.
- if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
+ if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
 return false;
 }
- $meta_id = absint( $meta_id );
- if ( ! $meta_id ) {
+ $meta_id = intval( $meta_id );
+ if ( $meta_id <= 0 ) {
 return false;
 }
diff --git a/tests/phpunit/tests/meta.php b/tests/phpunit/tests/meta.php
index 0676c7ec0f..eb6f2c51af 100644
--- a/tests/phpunit/tests/meta.php
+++ b/tests/phpunit/tests/meta.php
@@ -292,6 +292,44 @@ class Tests_Meta extends WP_UnitTestCase {
 $this->assertFalse( delete_metadata_by_mid( 'user', array( 1 ) ) );
 }
+ /**
+ * @ticket 37746
+ */
+ function test_negative_meta_id() {
+ $negative_mid = $this->meta_id * -1;
+
+ $this->assertTrue( $negative_mid < 0 );
+ $this->assertFalse( get_metadata_by_mid( 'user', $negative_mid ) );
+ $this->assertFalse( update_metadata_by_mid( 'user', $negative_mid, 'meta_new_value' ) );
+ $this->assertFalse( delete_metadata_by_mid( 'user', $negative_mid ) );
+ }
+
+ /**
+ * @ticket 37746
+ */
+ function test_floating_meta_id() {
+ $floating_mid = $this->meta_id + 0.1337;
+
+ $this->assertTrue( floor( $floating_mid ) !== $floating_mid );
+ $this->assertFalse( get_metadata_by_mid( 'user', $floating_mid ) );
+ $this->assertFalse( update_metadata_by_mid( 'user', $floating_mid, 'meta_new_value' ) );
+ $this->assertFalse( delete_metadata_by_mid( 'user', $floating_mid ) );
+ }
+
+ /**
+ * @ticket 37746
+ */
+ function test_string_point_zero_meta_id() {
+ $meta_id = add_metadata( 'user', $this->author->ID, 'meta_key', 'meta_value_2' );
+
+ $string_mid = "{$meta_id}.0";
+
+ $this->assertTrue( floor( $string_mid ) == $string_mid );
+ $this->assertNotEquals( false, get_metadata_by_mid( 'user', $string_mid ) );
+ $this->assertNotEquals( false, update_metadata_by_mid( 'user', $string_mid, 'meta_new_value_2' ) );
+ $this->assertNotEquals( false, delete_metadata_by_mid( 'user', $string_mid ) );
+ }
+
 /**
 * @ticket 15030
 */
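Review bot: test_string_point_zero_meta_id() only asserts that the three calls do not return false, so it would still pass if the `"{$meta_id}.0"` string were cast to the ID of some other existing row. Pinning the row is cheap because the test creates it with a distinct value: `$this->assertSame( 'meta_value_2', get_metadata_by_mid( 'user', $string_mid )->meta_value );`, followed after the update by the same check against `'meta_new_value_2'` looked up with the integer `$meta_id`. None of the three new tests feeds an exponent-notation string or a value above `PHP_INT_MAX`, which are the inputs where the float comparison and `intval()` are most likely to diverge. The Tests_Meta class continues outside the hunk.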