
Commit d5ddd6d

committed
Meta: Sanitize meta key before checking protection status.
Props zieladam, peterwilsoncc, xknown, whyisjake. Merges [49377,49381] to trunk. git-svn-id: https://develop.svn.wordpress.org/trunk@49387 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 2ca15d1 commit d5ddd6d


2 files changed

+57
-1
lines changed


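--- a/src/wp-includes/meta.php
+++ b/src/wp-includes/meta.php
@@ -1159,7 +1159,8 @@ function _get_meta_table( $type ) {
 * @return bool Whether the meta key is considered protected.
 */
 function is_protected_meta( $meta_key, $meta_type = '' ) {
-$protected = ( '_' === $meta_key[0] );
+$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
+$protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
 
 /**
 * Filters whether a meta key is considered protected.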
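Review bot: The pattern on the added `preg_replace` line has no `u` modifier, so the negated class and `\p{L}` are applied to single bytes rather than to code points, and a multibyte UTF-8 key is filtered byte by byte. The resulting string is one no other layer sees, and whether it agrees with how the key is later stored or compared cannot be judged from this hunk. The line should at least state its purpose, e.g. `// Strip non-printable bytes so a leading invisible character cannot hide the '_' prefix; matched per byte, no /u.` `preg_replace()` can also return `null` on a PCRE error, which is then passed to `strlen()`; an explicit `null === $sanitized_key` check that keeps the key protected would make that path fail closed. The body of `is_protected_meta()` continues past the end of the hunk.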

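--- a/tests/phpunit/tests/meta/isProtectedMeta.php
+++ b/tests/phpunit/tests/meta/isProtectedMeta.php
@@ -0,0 +1,55 @@
+<?php
+
+/**
+* @group meta
+* @covers ::is_protected_meta
+*/
+class Tests_Meta_isProtectedMeta extends WP_UnitTestCase {
+
+/**
+* @dataProvider protected_data
+*/
+public function test_protected( $key ) {
+$this->assertTrue( is_protected_meta( $key ) );
+}
+
+public function protected_data() {
+$protected_keys = array(
+array( '_wp_attachment' ),
+);
+for ( $i = 0, $max = 31; $i < $max; $i ++ ) {
+$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
+}
+for ( $i = 127, $max = 159; $i <= $max; $i ++ ) {
+$protected_keys[] = array( chr( $i ) . '_wp_attachment' );
+}
+$protected_keys[] = array( chr( 95 ) . '_wp_attachment' );
+
+return $protected_keys;
+}
+
+/**
+* @dataProvider unprotected_data
+*/
+public function test_unprotected( $key ) {
+$this->assertFalse( is_protected_meta( $key ) );
+}
+
+public function unprotected_data() {
+$unprotected_keys = array(
+array( 'singleword' ),
+array( 'two_words' ),
+array( 'ąŌ_not_so_protected_meta' ),
+);
+
+for ( $i = 32, $max = 94; $i <= $max; $i ++ ) {
+$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
+}
+for ( $i = 96, $max = 126; $i <= $max; $i ++ ) {
+$unprotected_keys[] = array( chr( $i ) . '_wp_attachment' );
+}
+
+return $unprotected_keys;
+}
+
+}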
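Review bot: The first loop in `protected_data()` uses `$i < $max` with `$max = 31`, so `chr( 31 )` is never generated, and `unprotected_data()` starts at 32, which leaves that control byte untested on both sides. The other three loops use `<=`; this one should read `for ( $i = 0, $max = 31; $i <= $max; $i ++ ) {`. The providers also have no case for an empty key, which the new `strlen()` guard in `is_protected_meta()` appears to be there for, and none for a key whose first byte is in the range 160 to 255.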
