* @param bool $unique Optional, default is false. Whether the specified metadata key should be
* unique for the object. If true, and the object already has a value for the specified
* metadata key, no change will be made
- * @return bool The meta ID on successful update, false on failure.
+ * @return int|bool The meta ID on successful update, false on failure.
*/
function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) {
if ( !$meta_type || !$meta_key )
global $wpdb;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
- $meta_value = stripslashes_deep($meta_value);
+ $meta_key = wp_unslash($meta_key);
+ $meta_value = wp_unslash($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
global $wpdb;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
+ $meta_key = wp_unslash($meta_key);
$passed_value = $meta_value;
- $meta_value = stripslashes_deep($meta_value);
+ $meta_value = wp_unslash($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
if ( null !== $check )
return (bool) $check;
- if ( ! $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) )
- return add_metadata($meta_type, $object_id, $meta_key, $passed_value);
-
// Compare existing value to new value if no prev value given and the key exists only once.
if ( empty($prev_value) ) {
$old_value = get_metadata($meta_type, $object_id, $meta_key);
}
}
+ if ( ! $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) )
+ return add_metadata($meta_type, $object_id, $meta_key, $passed_value);
+
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
global $wpdb;
- $type_column = esc_sql($meta_type . '_id');
+ $type_column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
- $meta_value = stripslashes_deep($meta_value);
+ $meta_key = wp_unslash($meta_key);
+ $meta_value = wp_unslash($meta_value);
$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
if ( null !== $check )
if ( ! $table = _get_meta_table( $meta_type ) )
return false;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// Fetch the meta and go on if it's found.
return false;
// object and id columns
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// Fetch the meta and go on if it's found.
if ( ! $table = _get_meta_table($meta_type) )
return false;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
global $wpdb;
}
// WP_Query sets 'meta_value' = '' by default
- if ( isset( $qv[ 'meta_value' ] ) && '' !== $qv[ 'meta_value' ] )
+ if ( isset( $qv[ 'meta_value' ] ) && '' !== $qv[ 'meta_value' ] && ( ! is_array( $qv[ 'meta_value' ] ) || $qv[ 'meta_value' ] ) )
$meta_query[0]['value'] = $qv[ 'meta_value' ];
if ( !empty( $qv['meta_query'] ) && is_array( $qv['meta_query'] ) ) {
if ( ! $meta_table = _get_meta_table( $type ) )
return false;
- $meta_id_column = esc_sql( $type . '_id' );
+ $meta_id_column = sanitize_key( $type . '_id' );
$join = array();
$where = array();
+ $key_only_queries = array();
+ $queries = array();
+
+ // Split out the queries with empty arrays as value
foreach ( $this->queries as $k => $q ) {
+ if ( isset( $q['value'] ) && is_array( $q['value'] ) && empty( $q['value'] ) ) {
+ $key_only_queries[$k] = $q;
+ unset( $this->queries[$k] );
+ }
+ }
+
+ // Split out the meta_key only queries (we can only do this for OR)
+ if ( 'OR' == $this->relation ) {
+ foreach ( $this->queries as $k => $q ) {
+ if ( ! isset( $q['value'] ) && ! empty( $q['key'] ) )
+ $key_only_queries[$k] = $q;
+ else
+ $queries[$k] = $q;
+ }
+ } else {
+ $queries = $this->queries;
+ }
+
+ // Specify all the meta_key only queries in one go
+ if ( $key_only_queries ) {
+ $join[] = "INNER JOIN $meta_table ON $primary_table.$primary_id_column = $meta_table.$meta_id_column";
+
+ foreach ( $key_only_queries as $key => $q )
+ $where["key-only-$key"] = $wpdb->prepare( "$meta_table.meta_key = %s", trim( $q['key'] ) );
+ }
+
+ foreach ( $queries as $k => $q ) {
$meta_key = isset( $q['key'] ) ? trim( $q['key'] ) : '';
$meta_type = isset( $q['type'] ) ? strtoupper( $q['type'] ) : 'CHAR';
elseif ( ! in_array( $meta_type, array( 'BINARY', 'CHAR', 'DATE', 'DATETIME', 'DECIMAL', 'SIGNED', 'TIME', 'UNSIGNED' ) ) )
$meta_type = 'CHAR';
+ $meta_value = isset( $q['value'] ) ? $q['value'] : null;
+
+ if ( isset( $q['compare'] ) )
+ $meta_compare = strtoupper( $q['compare'] );
+ else
+ $meta_compare = is_array( $meta_value ) ? 'IN' : '=';
+
+ if ( ! in_array( $meta_compare, array(
+ '=', '!=', '>', '>=', '<', '<=',
+ 'LIKE', 'NOT LIKE',
+ 'IN', 'NOT IN',
+ 'BETWEEN', 'NOT BETWEEN',
+ 'NOT EXISTS'
+ ) ) )
+ $meta_compare = '=';
+
$i = count( $join );
$alias = $i ? 'mt' . $i : $meta_table;
- // Set JOIN
+ if ( 'NOT EXISTS' == $meta_compare ) {
+ $join[$i] = "LEFT JOIN $meta_table";
+ $join[$i] .= $i ? " AS $alias" : '';
+ $join[$i] .= " ON ($primary_table.$primary_id_column = $alias.$meta_id_column AND $alias.meta_key = '$meta_key')";
+
+ $where[$k] = ' ' . $alias . '.' . $meta_id_column . ' IS NULL';
+
+ continue;
+ }
+
$join[$i] = "INNER JOIN $meta_table";
$join[$i] .= $i ? " AS $alias" : '';
$join[$i] .= " ON ($primary_table.$primary_id_column = $alias.$meta_id_column)";
if ( !empty( $meta_key ) )
$where[$k] = $wpdb->prepare( "$alias.meta_key = %s", $meta_key );
- if ( !isset( $q['value'] ) ) {
+ if ( is_null( $meta_value ) ) {
if ( empty( $where[$k] ) )
unset( $join[$i] );
continue;
}
- $meta_value = $q['value'];
-
- $meta_compare = is_array( $meta_value ) ? 'IN' : '=';
- if ( isset( $q['compare'] ) )
- $meta_compare = strtoupper( $q['compare'] );
-
- if ( ! in_array( $meta_compare, array( '=', '!=', '>', '>=', '<', '<=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ) ) )
- $meta_compare = '=';
-
if ( in_array( $meta_compare, array( 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ) ) ) {
if ( ! is_array( $meta_value ) )
$meta_value = preg_split( '/[,\s]+/', $meta_value );
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff