Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-28 07:07:38 +02:00
Code Issues Projects Releases Wiki Activity

Prevent editing of protected meta keys for 2.0.x

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-06-20 19:21:08 +00:00
parent 585d7513a8
commit c26a4fa050
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/admin-functions.php
View File

@ -938,6 +938,8 @@ function add_meta($post_ID) {
global $wpdb;
$post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
$metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
@ -953,6 +955,9 @@ function add_meta($post_ID) {
if ($metakeyinput)
$metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
$result = $wpdb->query("
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value)
@ -970,6 +975,12 @@ function delete_meta($mid) {
function update_meta($mid, $mkey, $mvalue) {
global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
if ( in_array($mkey, $protected) )
return false;
$mvalue = maybe_serialize(stripslashes($mvalue));
$mvalue = $wpdb->escape($mvalue);
$mid = (int) $mid;