Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591
git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith
@@ -981,6 +981,18 @@ function list_meta($meta) {
|
||||
$style = '';
|
||||
if ('_' == $entry['meta_key'] { 0 })
|
||||
$style .= ' hidden';
|
||||
|
||||
if ( is_serialized($entry['meta_value']) ) {
|
||||
if ( 's' == $entry['meta_value']{0} ) {
|
||||
// this is a serialized string, so we should display it
|
||||
$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
|
||||
} else {
|
||||
// this is a serialized array/object so we should NOT display it
|
||||
--$count;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
$key_js = js_escape($entry['meta_key']);
|
||||
$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
|
||||
$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
|
||||
@@ -1056,7 +1068,8 @@ function add_meta($post_ID) {
|
||||
|
||||
$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
|
||||
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
|
||||
$metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
|
||||
$metavalue = prepare_data(stripslashes((trim($_POST['metavalue']))));
|
||||
$metavalue = $wpdb->escape($metavalue);
|
||||
|
||||
if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
|
||||
// We have a key/value pair. If both the select and the
|
||||
@@ -1087,8 +1100,9 @@ function delete_meta($mid) {
|
||||
|
||||
function update_meta($mid, $mkey, $mvalue) {
|
||||
global $wpdb;
|
||||
if ( is_serialized(stripslashes($mvalue)) ) // $mvalue looks to be already serialized, so we should serialize it again to prevent the data from coming out in a different form than it came in
|
||||
$mvalue = serialize($mvalue);
|
||||
$mid = (int) $mid;
|
||||
|
||||
return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
|
||||
}
|
||||
|
||||
|
||||
@@ -124,23 +124,32 @@ default:
|
||||
<table width="98%">
|
||||
<?php
|
||||
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
||||
foreach ( (array) $options as $option )
|
||||
$options_to_update[] = $option->option_name;
|
||||
$options_to_update = implode(',', $options_to_update);
|
||||
?>
|
||||
|
||||
<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />
|
||||
|
||||
<?php
|
||||
foreach ( (array) $options as $option) :
|
||||
$value = wp_specialchars($option->option_value, 'single');
|
||||
$disabled = '';
|
||||
if ( is_serialized($option->option_value) ) {
|
||||
if ( 's' == $option->option_value{0} ) {
|
||||
// this is a serialized string, so we should display it
|
||||
$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
|
||||
$options_to_update[] = $option->option_name;
|
||||
$class = 'all-options';
|
||||
} else {
|
||||
$value = 'SERIALIZED DATA';
|
||||
$disabled = ' disabled="disabled"';
|
||||
$class = 'all-options disabled';
|
||||
}
|
||||
} else {
|
||||
$value = wp_specialchars($option->option_value, 'single');
|
||||
$options_to_update[] = $option->option_name;
|
||||
$class = 'all-options';
|
||||
}
|
||||
echo "
|
||||
<tr>
|
||||
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
||||
<td>";
|
||||
|
||||
if (stristr($value, "\n")) echo "<textarea class='all-options' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
|
||||
else echo "<input class='all-options' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' />";
|
||||
if (stristr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
|
||||
else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
|
||||
|
||||
echo "</td>
|
||||
<td>$option->option_description</td>
|
||||
@@ -148,7 +157,8 @@ foreach ( (array) $options as $option) :
|
||||
endforeach;
|
||||
?>
|
||||
</table>
|
||||
<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>
|
||||
<?php $options_to_update = implode(',', $options_to_update); ?>
|
||||
<p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -445,6 +445,10 @@ textarea.all-options, input.all-options {
|
||||
width: 250px;
|
||||
}
|
||||
|
||||
input.disabled, textarea.disabled {
|
||||
background: #ccc;
|
||||
}
|
||||
|
||||
#adminmenu {
|
||||
background: #83B4D8;
|
||||
border-top: 3px solid #448abd;
|
||||
|
||||
Reference in New Issue
Block a user