From 7edcf1b07e37b15f1f6350e6c5dbdf203e32c060 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 3 Aug 2011 18:20:15 +0000
Subject: [PATCH] Use *_metadata_by_mid() API in set_custom_fields(). Handle slashing when checking caps for key. see #18195

git-svn-id: https://develop.svn.wordpress.org/trunk@18501 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/class-wp-xmlrpc-server.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index f7a26ae09e..9179f615f1 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -262,16 +262,18 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( isset($meta['id']) ) {
 $meta['id'] = (int) $meta['id'];
 $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
+ $meta['value'] = stripslashes_deep( $meta['value'] );
 if ( isset($meta['key']) ) {
+ $meta['key'] = stripslashes( $meta['key'] );
 if ( $meta['key'] != $pmeta->meta_key )
 continue;
 if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
- update_meta( $meta['id'], $meta['key'], $meta['value'] );
+ update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
- delete_meta( $meta['id'] );
+ delete_metadata_by_mid( 'post', $meta['id'] );
 }
- } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
- add_post_meta( $post_id, $meta['key'], $meta['value'] );
+ } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
+ add_post_meta( $post_id, $meta['key'], $meta['value'] );
 }
 }
 }
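Review bot: Nothing after `$pmeta = get_metadata_by_mid( 'post', $meta['id'] );` confirms that the row exists or that it belongs to `$post_id`, yet the edit and delete capability checks below it are made against `$post_id`. Since `$meta['id']` presumably arrives from the XML-RPC caller, a user allowed to edit one post could have `update_metadata_by_mid()` or `delete_metadata_by_mid()` act on a meta row attached to a different post, and a missing row turns `$pmeta->meta_key` into a property read on a non-object. I would add `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;` directly after the lookup. The enclosing loop and function begin outside this hunk, so this assumes `$post_id` is the post being saved.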