diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php
--- a/wp/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php Mon Oct 14 18:06:33 2019 +0200
+++ b/wp/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php Mon Oct 14 18:28:13 2019 +0200
@@ -52,11 +52,15 @@
 * @see register_rest_field()
 */
 public function register_field() {
- register_rest_field( $this->get_rest_field_type(), 'meta', array(
- 'get_callback' => array( $this, 'get_value' ),
- 'update_callback' => array( $this, 'update_value' ),
- 'schema' => $this->get_field_schema(),
- ));
+ register_rest_field(
+ $this->get_rest_field_type(),
+ 'meta',
+ array(
+ 'get_callback' => array( $this, 'get_value' ),
+ 'update_callback' => array( $this, 'update_value' ),
+ 'schema' => $this->get_field_schema(),
+ )
+ );
 }

 /**
@@ -73,7 +77,7 @@
 $response = array();

 foreach ( $fields as $meta_key => $args ) {
- $name = $args['name'];
+ $name = $args['name'];
 $all_values = get_metadata( $this->get_meta_type(), $object_id, $meta_key, false );
 if ( $args['single'] ) {
 if ( empty( $all_values ) ) {
@@ -185,7 +189,10 @@
 'rest_cannot_delete',
 /* translators: %s: custom field key */
 sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ),
- array( 'key' => $name, 'status' => rest_authorization_required_code() )
+ array(
+ 'key' => $name,
+ 'status' => rest_authorization_required_code(),
+ )
 );
 }

@@ -193,7 +200,10 @@
 return new WP_Error(
 'rest_meta_database_error',
 __( 'Could not delete meta value from database.' ),
- array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
+ array(
+ 'key' => $name,
+ 'status' => WP_Http::INTERNAL_SERVER_ERROR,
+ )
 );
 }

@@ -220,7 +230,10 @@
 'rest_cannot_update',
 /* translators: %s: custom field key */
 sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ),
- array( 'key' => $name, 'status' => rest_authorization_required_code() )
+ array(
+ 'key' => $name,
+ 'status' => rest_authorization_required_code(),
+ )
 );
 }

@@ -255,7 +268,10 @@
 return new WP_Error(
 'rest_meta_database_error',
 __( 'Could not update meta value in database.' ),
- array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
+ array(
+ 'key' => $name,
+ 'status' => WP_Http::INTERNAL_SERVER_ERROR,
+ )
 );
 }
 }
@@ -265,7 +281,10 @@
 return new WP_Error(
 'rest_meta_database_error',
 __( 'Could not update meta value in database.' ),
- array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
+ array(
+ 'key' => $name,
+ 'status' => WP_Http::INTERNAL_SERVER_ERROR,
+ )
 );
 }
 }
@@ -286,32 +305,36 @@ */ protected function update_meta_value( $object_id, $meta_key, $name, $value ) { $meta_type = $this->get_meta_type(); - if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) { + if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) { return new WP_Error( 'rest_cannot_update', /* translators: %s: custom field key */ sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ), - array( 'key' => $name, 'status' => rest_authorization_required_code() ) + array( + 'key' => $name, + 'status' => rest_authorization_required_code(), + ) ); } - $meta_key = wp_slash( $meta_key ); - $meta_value = wp_slash( $value ); - // Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false. $old_value = get_metadata( $meta_type, $object_id, $meta_key ); + $subtype = get_object_subtype( $meta_type, $object_id ); if ( 1 === count( $old_value ) ) { - if ( $old_value[0] === $meta_value ) { + if ( (string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0] ) { return true; } } - if ( ! update_metadata( $meta_type, $object_id, $meta_key, $meta_value ) ) { + if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) { return new WP_Error( 'rest_meta_database_error', __( 'Could not update meta value in database.' ), - array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR ) + array( + 'key' => $name, + 'status' => WP_Http::INTERNAL_SERVER_ERROR, + ) ); } @@ -361,7 +384,7 @@ 'default' => isset( $args['default'] ) ? $args['default'] : null, ); - $rest_args = array_merge( $default_args, $rest_args ); + $rest_args = array_merge( $default_args, $rest_args ); $rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] ); $type = ! empty( $rest_args['type'] ) ? $rest_args['type'] : null; 
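Review bot: The new duplicate check `(string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0]` assumes the sanitized value is scalar. If a registered sanitize callback returns an array, the cast yields the literal `Array` with a notice, the comparison cannot match, and a request that resends the stored value would presumably fall through to `update_metadata()` and come back as `rest_meta_database_error`. Sanitizing once into a local and guarding the cast makes the assumption explicit: `$sanitized = sanitize_meta( $meta_key, $value, $meta_type, $subtype );` followed by `if ( 1 === count( $old_value ) && is_scalar( $sanitized ) && (string) $sanitized === $old_value[0] ) {`. `update_meta_value()` continues past the end of this hunk, so its final return is not visible here.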
@@ -375,7 +398,7 @@
 $rest_args['schema']['items'] = array(
 'type' => $rest_args['type'],
 );
- $rest_args['schema']['type'] = 'array';
+ $rest_args['schema']['type'] = 'array';
 }

 $registered[ $name ] = $rest_args;