mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-01-17 12:58:25 +01:00
Code Issues Actions 98 Packages Projects Releases Wiki Activity

Prevent editing of protected meta keys for 2.0.x

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/branches/2.0@5737 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-06-20 19:21:08 +00:00
parent 8f586a078a
commit bff058e8f2
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/admin-functions.php
View File

@ -938,6 +938,8 @@ function add_meta($post_ID) {
global $wpdb;
$post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
$metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
@ -953,6 +955,9 @@ function add_meta($post_ID) {
if ($metakeyinput)
$metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
$result = $wpdb->query("
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value)
@ -970,6 +975,12 @@ function delete_meta($mid) {
function update_meta($mid, $mkey, $mvalue) {
global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
if ( in_array($mkey, $protected) )
return false;
$mvalue = maybe_serialize(stripslashes($mvalue));
$mvalue = $wpdb->escape($mvalue);
$mid = (int) $mid;