Skip to content

Commit

Permalink
After [29339] and [29341], add more unit tests and less ambiguous typ…
Browse files Browse the repository at this point in the history 
…e-checking before bailing in meta-related functions that expect a numeric value for `$object_id`.

Props SergeyBiryukov.
Fixes #28315.

Built from https://develop.svn.wordpress.org/trunk@29421


git-svn-id: http://core.svn.wordpress.org/trunk@29199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information
@staylor
staylor committed Aug 6, 2014
1 parent 935f104 commit eb66e40
Showing 1 changed file with 70 additions and 32 deletions.
102 changes: 70 additions & 32 deletions wp-includes/meta.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,16 +27,21 @@
* @return int|bool The meta ID on success, false on failure.
*/
function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) {
if ( !$meta_type || !$meta_key )
return false;
global $wpdb;

if ( !$object_id = absint($object_id) )
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}

if ( ! $table = _get_meta_table($meta_type) )
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}

global $wpdb;
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$column = sanitize_key($meta_type . '_id');

Expand Down Expand Up @@ -134,17 +139,21 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
* @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure.
*/
function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') {
if ( !$meta_type || !$meta_key )
return false;
global $wpdb;

if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}

if ( ! $table = _get_meta_table($meta_type) )
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}

global $wpdb;
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
Expand Down Expand Up @@ -282,16 +291,21 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
* @return bool True on successful delete, false on failure.
*/
function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) {
if ( !$meta_type || !$meta_key )
return false;
global $wpdb;

if ( (!$object_id = absint($object_id)) && !$delete_all )
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) {
return false;
}

if ( ! $table = _get_meta_table($meta_type) )
$object_id = absint( $object_id );
if ( ! $object_id && ! $delete_all ) {
return false;
}

global $wpdb;
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$type_column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
Expand Down Expand Up @@ -424,11 +438,14 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d
* @return string|array Single metadata value, or array of values
*/
function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
if ( !$meta_type )
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}

if ( !$object_id = absint($object_id) )
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}

/**
* Filter whether to retrieve metadata of a specific type.
Expand Down Expand Up @@ -488,11 +505,14 @@ function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
* @return boolean true of the key is set, false if not.
*/
function metadata_exists( $meta_type, $object_id, $meta_key ) {
if ( ! $meta_type )
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}

if ( ! $object_id = absint( $object_id ) )
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}

/** This filter is documented in wp-includes/meta.php */
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true );
Expand Down Expand Up @@ -524,14 +544,19 @@ function metadata_exists( $meta_type, $object_id, $meta_key ) {
function get_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;

if ( ! $meta_type )
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
return false;
}

if ( !$meta_id = absint( $meta_id ) )
$meta_id = absint( $meta_id );
if ( ! $meta_id ) {
return false;
}

if ( ! $table = _get_meta_table($meta_type) )
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id';

Expand Down Expand Up @@ -564,14 +589,19 @@ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key =
global $wpdb;

// Make sure everything is valid.
if ( ! $meta_type )
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
return false;
}

if ( ! $meta_id = absint( $meta_id ) )
$meta_id = absint( $meta_id );
if ( ! $meta_id ) {
return false;
}

if ( ! $table = _get_meta_table( $meta_type ) )
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
Expand Down Expand Up @@ -651,14 +681,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;

// Make sure everything is valid.
if ( ! $meta_type )
if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
return false;
}

if ( ! $meta_id = absint( $meta_id ) )
$meta_id = absint( $meta_id );
if ( ! $meta_id ) {
return false;
}

if ( ! $table = _get_meta_table( $meta_type ) )
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

// object and id columns
$column = sanitize_key($meta_type . '_id');
Expand Down Expand Up @@ -729,16 +764,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
* @return mixed Metadata cache for the specified objects, or false on failure.
*/
function update_meta_cache($meta_type, $object_ids) {
if ( empty( $meta_type ) || empty( $object_ids ) )
global $wpdb;

if ( ! $meta_type || ! $object_ids ) {
return false;
}

if ( ! $table = _get_meta_table($meta_type) )
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}

$column = sanitize_key($meta_type . '_id');

global $wpdb;

if ( !is_array($object_ids) ) {
$object_ids = preg_replace('|[^0-9,]|', '', $object_ids);
$object_ids = explode(',', $object_ids);
Expand Down

0 comments on commit eb66e40

Please sign in to comment.