From 514632d860eb75417e6e430f70f94ec3883cb543 Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 3 Aug 2011 19:14:06 +0000 Subject: [PATCH] Use *_metadata_by_mid() API when updating post meta in admin ajax. Fix slashing. see #18195 git-svn-id: http://svn.automattic.com/wordpress/trunk@18502 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-ajax.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 6cc9fe202..7d82d2cf0 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -861,25 +861,23 @@ case 'add-meta' : ) ); } else { // Update? $mid = (int) array_pop( array_keys($_POST['meta']) ); - $key = $_POST['meta'][$mid]['key']; - $value = $_POST['meta'][$mid]['value']; + $key = stripslashes( $_POST['meta'][$mid]['key'] ); + $value = stripslashes( $_POST['meta'][$mid]['value'] ); if ( '' == trim($key) ) die(__('Please provide a custom field name.')); if ( '' == trim($value) ) die(__('Please provide a custom field value.')); - if ( !$meta = get_post_meta_by_id( $mid ) ) + if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) die('0'); // if meta doesn't exist if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) die('-1'); - if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { - if ( !$u = update_meta( $mid, $key, $value ) ) + if ( $meta->meta_value != $value || $meta->meta_key != $key ) { + if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) ) die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). } - $key = stripslashes($key); - $value = stripslashes($value); $x = new WP_Ajax_Response( array( 'what' => 'meta', 'id' => $mid, 'old_id' => $mid,