From 4e57c6f9411c0882481215ab314af1506759d098 Mon Sep 17 00:00:00 2001 From: desrosj Date: Thu, 13 Dec 2018 16:30:37 +0000 Subject: [PATCH] REST API: Slash existing meta values when comparing with incoming meta upates. When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match. props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs, kadamwhite. Merges [43740] to trunk. Fixes #42069. Built from https://develop.svn.wordpress.org/trunk@44113 git-svn-id: http://core.svn.wordpress.org/trunk@43943 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api/fields/class-wp-rest-meta-fields.php | 8 +++----- wp-includes/version.php | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php b/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php index 059f78c6e8..a24a5f649c 100644 --- a/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php +++ b/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php @@ -317,19 +317,17 @@ abstract class WP_REST_Meta_Fields { ); } - $meta_key = wp_slash( $meta_key ); - $meta_value = wp_slash( $value ); - // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false. $old_value = get_metadata( $meta_type, $object_id, $meta_key ); + $subtype = get_object_subtype( $meta_type, $object_id ); if ( 1 === count( $old_value ) ) { - if ( $old_value[0] === $meta_value ) { + if ( (string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0] ) { return true; } } - if ( ! update_metadata( $meta_type, $object_id, $meta_key, $meta_value ) ) { + if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) { return new WP_Error( 'rest_meta_database_error', __( 'Could not update meta value in database.' ), diff --git a/wp-includes/version.php b/wp-includes/version.php index aa8f6d5480..c05a6c2d6f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.1-alpha-44112'; +$wp_version = '5.1-alpha-44113'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.