Prevent editing of protected meta keys.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-06-18 16:28:11 +00:00
parent c09f6ffbdb
commit e8dc080307
1 changed files with 11 additions and 0 deletions

View File

@ -336,6 +336,8 @@ function add_meta( $post_ID ) {
global $wpdb;
$post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@ -351,6 +353,9 @@ function add_meta( $post_ID ) {
if ( $metakeyinput)
$metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
$result = $wpdb->query( "
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value )
@ -405,6 +410,12 @@ function has_meta( $postid ) {
function update_meta( $mid, $mkey, $mvalue ) {
global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug' );
if ( in_array($mkey, $protected) )
return false;
$mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid;