From 14954d7fca73931faf209f3b7e394eb1619b99bd Mon Sep 17 00:00:00 2001 From: azaozz Date: Mon, 13 Oct 2008 02:48:45 +0000 Subject: [PATCH] Fix stripslashes for post metadata, phpDoc updates for media.php, props jacobsantos, fixes #7871 git-svn-id: http://svn.automattic.com/wordpress/trunk@9129 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/media.php | 37 ++++++++++++++++++++----------------- wp-includes/post.php | 30 ++++++++++++++---------------- 2 files changed, 34 insertions(+), 33 deletions(-) diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 0a97567c7..548687441 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -680,9 +680,8 @@ function media_upload_library() { return wp_iframe( 'media_upload_library_form', $errors ); } -// produce HTML for the image alignment radio buttons with the specified one checked /** - * {@internal Missing Short Description}} + * Retrieve HTML for the image alignment radio buttons with the specified one checked. * * @since unknown * @@ -706,9 +705,8 @@ function image_align_input_fields($post, $checked='') { return join("\n", $out); } -// produce HTML for the size radio buttons with the specified one checked /** - * {@internal Missing Short Description}} + * Retrieve HTML for the size radio buttons with the specified one checked. * * @since unknown * @@ -723,7 +721,7 @@ function image_size_input_fields($post, $checked='') { foreach ( $size_names as $size => $name) { $downsize = image_downsize($post->ID, $size); - + // is this size selectable? $enabled = ( $downsize[3] || 'full' == $size ); $css_id = "image-size-{$size}-{$post->ID}"; @@ -753,9 +751,8 @@ function image_size_input_fields($post, $checked='') { ); } -// produce HTML for the Link URL buttons with the default link type as specified /** - * {@internal Missing Short Description}} + * Retrieve HTML for the Link URL buttons with the default link type as specified. * * @since unknown * 
@@ -960,13 +957,17 @@ function get_attachment_fields_to_edit($post, $errors = null) { } /** - * {@internal Missing Short Description}} + * Retrieve HTML for media items of post gallery. + * + * The HTML markup retrieved will be created for the progress of SWF Upload + * component. Will also create link for showing and hiding the form to modify + * the image attachment. * * @since unknown * - * @param unknown_type $post_id - * @param unknown_type $errors - * @return unknown + * @param int $post_id Optional. Post ID. + * @param array $errors Errors for attachment, if any. + * @return string */ function get_media_items( $post_id, $errors ) { if ( $post_id ) { @@ -992,13 +993,13 @@ function get_media_items( $post_id, $errors ) { } /** - * {@internal Missing Short Description}} + * Retrieve HTML form for modifying the image attachment. * * @since unknown * - * @param unknown_type $attachment_id - * @param unknown_type $args - * @return unknown + * @param int $attachment_id Attachment ID for modification. + * @param string|array $args Optional. Override defaults. + * @return string HTML form for attachment. */ function get_media_item( $attachment_id, $args = null ) { global $redir_tab; @@ -1803,10 +1804,11 @@ function type_form_file() { '; } -// support a GET parameter for disabling the flash uploader /** * {@internal Missing Short Description}} * + * Support a GET parameter for disabling the flash uploader. + * * @since unknown * * @param unknown_type $flash @@ -1853,10 +1855,11 @@ function media_upload_html_bypass() { add_action('post-flash-upload-ui', 'media_upload_flash_bypass'); add_action('post-html-upload-ui', 'media_upload_html_bypass'); -// make sure the GET parameter sticks when we submit a form /** * {@internal Missing Short Description}} * + * Make sure the GET parameter sticks when we submit a form. + * * @since unknown * * @param unknown_type $url diff --git a/wp-includes/post.php b/wp-includes/post.php index 804abe6ac..f01443219 100644 
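Review bot: The new docblock for `get_media_items()` marks `$post_id` as "Optional", but the signature `get_media_items( $post_id, $errors )` gives it no default, so callers must still pass it. The visible `if ( $post_id )` suggests a falsy value selects a different path. If so, wording such as `@param int $post_id Post ID, or 0 to use the other lookup path.` would describe the contract more accurately, with the actual behaviour of the else branch filled in, since it lies outside this hunk. In the hunks at -1803 and -1853 the placeholder `{@internal Missing Short Description}}` is kept above the relocated sentence; that sentence could simply replace the placeholder as the short description.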
--- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -519,12 +519,11 @@ function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); - $meta_value = stripslashes($meta_value); if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) return false; - $meta_value = maybe_serialize($meta_value); + $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) ); 
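Review bot: The comment `// expected_slashed ($meta_key)` in `add_post_meta()` is now stale, because `$meta_value` is also unslashed via `stripslashes_deep()`; it should read `// expected_slashed ($meta_key, $meta_value)`, as the `delete_post_meta()` hunk already does, and the same applies to the `update_post_meta()` hunk. This matters because the function alters every value it is given: a caller that passes unslashed data containing backslashes (serialized strings, JSON, file paths) will have it stored differently from what was passed. The docblock above the function, which is outside this hunk, should state that both arguments must arrive slashed. The function body also continues past the end of the hunk.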
@@ -545,31 +544,31 @@ function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { * @link http://codex.wordpress.org/Function_Reference/delete_post_meta * * @param int $post_id post ID - * @param string $key Metadata name. - * @param mixed $value Optional. Metadata value. + * @param string $meta_key Metadata name. + * @param mixed $meta_value Optional. Metadata value. * @return bool False for failure. True for success. */ -function delete_post_meta($post_id, $key, $value = '') { +function delete_post_meta($post_id, $meta_key, $meta_value = '') { global $wpdb; $post_id = absint( $post_id ); - // expected_slashed ($key, $value) - $key = stripslashes( $key ); - $value = stripslashes( $value ); + // expected_slashed ($meta_key, $meta_value) + $meta_key = stripslashes( $meta_key ); + $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); - if ( empty( $value ) ) - $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); + if ( empty( $meta_value ) ) + $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else - $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) ); + $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); if ( !$meta_id ) return false; - if ( empty( $value ) ) - $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); + if ( empty( $meta_value ) ) + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else - $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s 
AND meta_value = %s", $post_id, $key, $value ) ); + $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); wp_cache_delete($post_id, 'post_meta'); @@ -632,13 +631,12 @@ function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); - $meta_value = stripslashes($meta_value); if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { return add_post_meta($post_id, $meta_key, $meta_value); } - $meta_value = maybe_serialize($meta_value); + $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); $data = compact( 'meta_value' ); $where = compact( 'meta_key', 'post_id' );
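Review bot: In `delete_post_meta()` the branch selector `if ( empty( $meta_value ) )` treats the string `'0'` as "no value given", so a call meant to remove only rows whose value is `0` takes the first branch and deletes every row for that key on the post. Assuming `stripslashes_deep()` returns a string for scalar input, both checks could be `if ( '' === $meta_value )`, which still covers the default `''` and keeps `'0'` on the value-matching path. The check is repeated for the DELETE, so both occurrences need the same change. The end of the function is outside this hunk.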
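Review bot: `$prev_value` in `update_post_meta()` is not touched by this hunk, and the code that uses it sits below the last visible line. If it is matched against the stored `meta_value` in the WHERE clause, it presumably needs the same treatment the new value gets, e.g. `$prev_value = maybe_serialize( stripslashes_deep($prev_value) );`. Otherwise a previous value containing quotes or backslashes, or an array, will never match and the update will silently affect no row. Removing the early `stripslashes($meta_value)` before the `add_post_meta()` fall-through looks right, since that function unslashes the value itself.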