Skip to content

Commit

Permalink
Meta: Sanitize meta key before checking protection status.
Browse files Browse the repository at this point in the history 
Props zieladam, peterwilsoncc, xknown, whyisjake.


Built from https://develop.svn.wordpress.org/branches/5.5@49378


git-svn-id: http://core.svn.wordpress.org/branches/5.5@49137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information
@whyisjake
whyisjake committed Oct 29, 2020
1 parent 951e583 commit 270c69e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion wp-includes/meta.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1159,7 +1159,8 @@ function _get_meta_table( $type ) {
* @return bool Whether the meta key is considered protected.
*/
function is_protected_meta( $meta_key, $meta_type = '' ) {
$protected = ( '_' === $meta_key[0] );
$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
$protected = strlen( $sanitized_key ) > 0 && ( '_' == $sanitized_key[0] );

/**
* Filters whether a meta key is considered protected.
Expand Down
2 changes: 1 addition & 1 deletion wp-includes/version.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.5.2-alpha-49377';
$wp_version = '5.5.2-alpha-49378';

/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
Expand Down

0 comments on commit 270c69e

Please sign in to comment.