From e8dc080307359f270a53932b76558e7454294e7a Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Mon, 18 Jun 2007 16:28:11 +0000
Subject: [PATCH] Prevent editing of protected meta keys.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/post.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index 46ed65fb02..8e3a75821d 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -336,6 +336,8 @@ function add_meta( $post_ID ) {
 	global $wpdb;
 	$post_ID = (int) $post_ID;
 
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
+
 	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
 	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
 	$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@@ -351,6 +353,9 @@ function add_meta( $post_ID ) {
 		if ( $metakeyinput)
 			$metakey = $metakeyinput; // default
 
+		if ( in_array($metakey, $protected) )
+			return false;
+
 		$result = $wpdb->query( "
 						INSERT INTO $wpdb->postmeta 
 						(post_id,meta_key,meta_value ) 
@@ -405,6 +410,12 @@ function has_meta( $postid ) {
 
 function update_meta( $mid, $mkey, $mvalue ) {
 	global $wpdb;
+
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
+
+	if ( in_array($mkey, $protected) )
+		return false;
+
 	$mvalue = maybe_serialize( stripslashes( $mvalue ));
 	$mvalue = $wpdb->escape( $mvalue );
 	$mid = (int) $mid;