After [29339] and [29341], add more unit tests and less ambiguous type-checking before bailing in meta-related functions that expect a numeric value for $object_id.

Props SergeyBiryukov. Fixes #28315. git-svn-id: https://develop.svn.wordpress.org/trunk@29421 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2014-08-06 22:07:42 +00:00
parent 5f2fa44dee
commit e9ba499f23
2 changed files with 99 additions and 41 deletions
--- a/src/wp-includes/meta.php
+++ b/src/wp-includes/meta.php
@@ -27,17 +27,22 @@
 * @return int|bool The meta ID on success, false on failure.
 */
 function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) {
-	if ( !$meta_type || !$meta_key )
-		return false;
-
-	if ( !$object_id = absint($object_id) )
-		return false;
-
-	if ( ! $table = _get_meta_table($meta_type) )
-		return false;
-
 	global $wpdb;

+	if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
+		return false;
+	}
+
+	$object_id = absint( $object_id );
+	if ( ! $object_id ) {
+		return false;
+	}
+
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
+		return false;
+	}
+
 	$column = sanitize_key($meta_type . '_id');

 	// expected_slashed ($meta_key)
@@ -134,17 +139,21 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
 * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure.
 */
 function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') {
-	if ( !$meta_type || !$meta_key )
-		return false;
+	global $wpdb;

-	if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {
+	if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
 		return false;
 	}

-	if ( ! $table = _get_meta_table($meta_type) )
+	$object_id = absint( $object_id );
+	if ( ! $object_id ) {
 		return false;
+	}

-	global $wpdb;
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
+		return false;
+	}

 	$column = sanitize_key($meta_type . '_id');
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
@@ -282,17 +291,22 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
 * @return bool True on successful delete, false on failure.
 */
 function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) {
-	if ( !$meta_type || !$meta_key )
-		return false;
-
-	if ( (!$object_id = absint($object_id)) && !$delete_all )
-		return false;
-
-	if ( ! $table = _get_meta_table($meta_type) )
-		return false;
-
 	global $wpdb;

+	if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) {
+		return false;
+	}
+
+	$object_id = absint( $object_id );
+	if ( ! $object_id && ! $delete_all ) {
+		return false;
+	}
+
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
+		return false;
+	}
+
 	$type_column = sanitize_key($meta_type . '_id');
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
 	// expected_slashed ($meta_key)
@@ -424,11 +438,14 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d
 * @return string|array Single metadata value, or array of values
 */
 function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
-	if ( !$meta_type )
+	if ( ! $meta_type || ! is_numeric( $object_id ) ) {
 		return false;
+	}

-	if ( !$object_id = absint($object_id) )
+	$object_id = absint( $object_id );
+	if ( ! $object_id ) {
 		return false;
+	}

 	/**
 	 * Filter whether to retrieve metadata of a specific type.
@@ -488,11 +505,14 @@ function get_metadata($meta_type, $object_id, $meta_key = '', $single = false) {
 * @return boolean true of the key is set, false if not.
 */
 function metadata_exists( $meta_type, $object_id, $meta_key ) {
-	if ( ! $meta_type )
+	if ( ! $meta_type || ! is_numeric( $object_id ) ) {
 		return false;
+	}

-	if ( ! $object_id = absint( $object_id ) )
+	$object_id = absint( $object_id );
+	if ( ! $object_id ) {
 		return false;
+	}

 	/** This filter is documented in wp-includes/meta.php */
 	$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true );
@@ -524,14 +544,19 @@ function metadata_exists( $meta_type, $object_id, $meta_key ) {
 function get_metadata_by_mid( $meta_type, $meta_id ) {
 	global $wpdb;

-	if ( ! $meta_type )
+	if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
 		return false;
+	}

-	if ( !$meta_id = absint( $meta_id ) )
+	$meta_id = absint( $meta_id );
+	if ( ! $meta_id ) {
 		return false;
+	}

-	if ( ! $table = _get_meta_table($meta_type) )
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
 		return false;
+	}

 	$id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id';

@@ -564,14 +589,19 @@ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key =
 	global $wpdb;

 	// Make sure everything is valid.
-	if ( ! $meta_type )
+	if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
 		return false;
+	}

-	if ( ! $meta_id = absint( $meta_id ) )
+	$meta_id = absint( $meta_id );
+	if ( ! $meta_id ) {
 		return false;
+	}

-	if ( ! $table = _get_meta_table( $meta_type ) )
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
 		return false;
+	}

 	$column = sanitize_key($meta_type . '_id');
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
@@ -651,14 +681,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
 	global $wpdb;

 	// Make sure everything is valid.
-	if ( ! $meta_type )
+	if ( ! $meta_type || ! is_numeric( $meta_id ) ) {
 		return false;
+	}

-	if ( ! $meta_id = absint( $meta_id ) )
+	$meta_id = absint( $meta_id );
+	if ( ! $meta_id ) {
 		return false;
+	}

-	if ( ! $table = _get_meta_table( $meta_type ) )
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
 		return false;
+	}

 	// object and id columns
 	$column = sanitize_key($meta_type . '_id');
@@ -729,16 +764,19 @@ function delete_metadata_by_mid( $meta_type, $meta_id ) {
 * @return mixed Metadata cache for the specified objects, or false on failure.
 */
 function update_meta_cache($meta_type, $object_ids) {
-	if ( empty( $meta_type ) || empty( $object_ids ) )
-		return false;
+	global $wpdb;

-	if ( ! $table = _get_meta_table($meta_type) )
+	if ( ! $meta_type || ! $object_ids ) {
 		return false;
+	}
+
+	$table = _get_meta_table( $meta_type );
+	if ( ! $table ) {
+		return false;
+	}

 	$column = sanitize_key($meta_type . '_id');

-	global $wpdb;
-
 	if ( !is_array($object_ids) ) {
 		$object_ids = preg_replace('|[^0-9,]|', '', $object_ids);
 		$object_ids = explode(',', $object_ids);
--- a/tests/phpunit/tests/meta.php
+++ b/tests/phpunit/tests/meta.php
@@ -236,4 +236,24 @@ class Tests_Meta extends WP_UnitTestCase {

 		$this->assertEquals( wp_list_pluck( $posts, 'post_title' ), wp_list_pluck( $posts2, 'post_title' ) );
 	}
+
+	/**
+	 * @ticket 28315
+	 */
+	function test_non_numeric_object_id() {
+		$this->assertFalse( add_metadata( 'user', array( 1 ), 'meta_key', 'meta_value' ) );
+		$this->assertFalse( update_metadata( 'user', array( 1 ), 'meta_key', 'meta_new_value' ) );
+		$this->assertFalse( delete_metadata( 'user', array( 1 ), 'meta_key' ) );
+		$this->assertFalse( get_metadata( 'user', array( 1 ) ) );
+		$this->assertFalse( metadata_exists( 'user', array( 1 ), 'meta_key' ) );
+	}
+
+	/**
+	 * @ticket 28315
+	 */
+	function test_non_numeric_meta_id() {
+		$this->assertFalse( get_metadata_by_mid( 'user', array( 1 ) ) );
+		$this->assertFalse( update_metadata_by_mid( 'user', array( 1 ), 'meta_new_value' ) );
+		$this->assertFalse( delete_metadata_by_mid( 'user', array( 1 ) ) );
+	}
 }