diff -r 34716fd837a4 -r be944660c56a wp/wp-includes/meta.php --- a/wp/wp-includes/meta.php Tue Dec 15 15:52:01 2020 +0100 +++ b/wp/wp-includes/meta.php Wed Sep 21 18:19:35 2022 +0200 @@ -497,10 +497,13 @@ * @param int $object_id ID of the object metadata is for. * @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for * the specified object. Default empty. - * @param bool $single Optional. If true, return only the first value of the specified meta_key. - * This parameter has no effect if meta_key is not specified. Default false. - * @return mixed Single metadata value, or array of values. - * False if there's a problem with the parameters passed to the function. + * @param bool $single Optional. If true, return only the first value of the specified `$meta_key`. + * This parameter has no effect if `$meta_key` is not specified. Default false. + * @return mixed An array of values if `$single` is false. + * The value of the meta field if `$single` is true. + * False for an invalid `$object_id` (non-numeric, zero, or negative value), + * or if `$meta_type` is not specified. + * An empty string if a valid but non-existing object ID is passed. */ function get_metadata( $meta_type, $object_id, $meta_key = '', $single = false ) { $value = get_metadata_raw( $meta_type, $object_id, $meta_key, $single ); @@ -521,10 +524,13 @@ * @param int $object_id ID of the object metadata is for. * @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for * the specified object. Default empty. - * @param bool $single Optional. If true, return only the first value of the specified meta_key. - * This parameter has no effect if meta_key is not specified. Default false. - * @return mixed Single metadata value, or array of values. Null if the value does not exist. - * False if there's a problem with the parameters passed to the function. + * @param bool $single Optional. If true, return only the first value of the specified `$meta_key`. + * This parameter has no effect if `$meta_key` is not specified. Default false. + * @return mixed An array of values if `$single` is false. + * The value of the meta field if `$single` is true. + * False for an invalid `$object_id` (non-numeric, zero, or negative value), + * or if `$meta_type` is not specified. + * Null if the value does not exist. */ function get_metadata_raw( $meta_type, $object_id, $meta_key = '', $single = false ) { if ( ! $meta_type || ! is_numeric( $object_id ) ) { @@ -608,9 +614,10 @@ * or any other object type with an associated meta table. * @param int $object_id ID of the object metadata is for. * @param string $meta_key Metadata key. - * @param bool $single Optional. If true, return only the first value of the specified meta_key. - * This parameter has no effect if meta_key is not specified. Default false. - * @return mixed Single metadata value, or array of values. + * @param bool $single Optional. If true, return only the first value of the specified `$meta_key`. + * This parameter has no effect if `$meta_key` is not specified. Default false. + * @return mixed An array of default values if `$single` is false. + * The default value of the meta field if `$single` is true. */ function get_metadata_default( $meta_type, $object_id, $meta_key, $single = false ) { if ( $single ) { @@ -673,7 +680,7 @@ } /** This filter is documented in wp-includes/meta.php */ - $check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true ); + $check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true, $meta_type ); if ( null !== $check ) { return (bool) $check; } @@ -722,7 +729,7 @@ return false; } - $meta_id = intval( $meta_id ); + $meta_id = (int) $meta_id; if ( $meta_id <= 0 ) { return false; } @@ -771,11 +778,11 @@ * * @global wpdb $wpdb WordPress database abstraction object. * - * @param string $meta_type Type of object metadata is for. Accepts 'post', 'comment', 'term', 'user', - * or any other object type with an associated meta table. - * @param int $meta_id ID for a specific meta row. - * @param string $meta_value Metadata value. Must be serializable if non-scalar. - * @param string $meta_key Optional. You can provide a meta key to update it. Default false. + * @param string $meta_type Type of object metadata is for. Accepts 'post', 'comment', 'term', 'user', + * or any other object type with an associated meta table. + * @param int $meta_id ID for a specific meta row. + * @param string $meta_value Metadata value. Must be serializable if non-scalar. + * @param string|false $meta_key Optional. You can provide a meta key to update it. Default false. * @return bool True on successful update, false on failure. */ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key = false ) { @@ -786,7 +793,7 @@ return false; } - $meta_id = intval( $meta_id ); + $meta_id = (int) $meta_id; if ( $meta_id <= 0 ) { return false; } @@ -808,10 +815,10 @@ * * @since 5.0.0 * - * @param null|bool $check Whether to allow updating metadata for the given type. - * @param int $meta_id Meta ID. - * @param mixed $meta_value Meta value. Must be serializable if non-scalar. - * @param string|bool $meta_key Meta key, if provided. + * @param null|bool $check Whether to allow updating metadata for the given type. + * @param int $meta_id Meta ID. + * @param mixed $meta_value Meta value. Must be serializable if non-scalar. + * @param string|false $meta_key Meta key, if provided. */ $check = apply_filters( "update_{$meta_type}_metadata_by_mid", null, $meta_id, $meta_value, $meta_key ); if ( null !== $check ) { @@ -901,7 +908,7 @@ return false; } - $meta_id = intval( $meta_id ); + $meta_id = (int) $meta_id; if ( $meta_id <= 0 ) { return false; } @@ -1055,14 +1062,14 @@ } // Get meta info. - $id_list = join( ',', $non_cached_ids ); + $id_list = implode( ',', $non_cached_ids ); $id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id'; $meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A ); if ( ! empty( $meta_list ) ) { foreach ( $meta_list as $metarow ) { - $mpid = intval( $metarow[ $column ] ); + $mpid = (int) $metarow[ $column ]; $mkey = $metarow['meta_key']; $mval = $metarow['meta_value']; @@ -1159,7 +1166,8 @@ * @return bool Whether the meta key is considered protected. */ function is_protected_meta( $meta_key, $meta_type = '' ) { - $protected = ( '_' === $meta_key[0] ); + $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key ); + $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] ); /** * Filters whether a meta key is considered protected. @@ -1400,11 +1408,12 @@ * @param mixed $value Current value passed to filter. * @param int $object_id ID of the object metadata is for. * @param string $meta_key Metadata key. - * @param bool $single If true, return only the first value of the specified meta_key. - * This parameter has no effect if meta_key is not specified. + * @param bool $single If true, return only the first value of the specified `$meta_key`. + * This parameter has no effect if `$meta_key` is not specified. * @param string $meta_type Type of object metadata is for. Accepts 'post', 'comment', 'term', 'user', * or any other object type with an associated meta table. - * @return mixed Single metadata default, or array of defaults. + * @return mixed An array of default values if `$single` is false. + * The default value of the meta field if `$single` is true. */ function filter_default_metadata( $value, $object_id, $meta_key, $single, $meta_type ) { global $wp_meta_keys;