*
* @since 2.9.0
* @uses $wpdb WordPress database object for queries.
- * @uses do_action() Calls 'added_{$meta_type}_meta' with meta_id of added metadata entry,
- * object ID, meta key, and meta value
*
* @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
* @param int $object_id ID of the object metadata is for
* @param string $meta_key Metadata key
- * @param string $meta_value Metadata value
+ * @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param bool $unique Optional, default is false. Whether the specified metadata key should be
* unique for the object. If true, and the object already has a value for the specified
* metadata key, no change will be made
- * @return bool The meta ID on successful update, false on failure.
+ * @return int|bool The meta ID on success, false on failure.
*/
function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = false) {
if ( !$meta_type || !$meta_key )
global $wpdb;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
- $meta_value = stripslashes_deep($meta_value);
+ $meta_key = wp_unslash($meta_key);
+ $meta_value = wp_unslash($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
+ /**
+ * Filter whether to add metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user). Returning a non-null value
+ * will effectively short-circuit the function.
+ *
+ * @since 3.1.0
+ *
+ * @param null|bool $check Whether to allow adding metadata for the given type.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value. Must be serializable if non-scalar.
+ * @param bool $unique Whether the specified meta key should be unique
+ * for the object. Optional. Default false.
+ */
$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
if ( null !== $check )
return $check;
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
+ /**
+ * Fires immediately before meta of a specific type is added.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 3.1.0
+ *
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "add_{$meta_type}_meta", $object_id, $meta_key, $_meta_value );
$result = $wpdb->insert( $table, array(
wp_cache_delete($object_id, $meta_type . '_meta');
+ /**
+ * Fires immediately after meta of a specific type is added.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 2.9.0
+ *
+ * @param int $mid The meta ID after successful update.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "added_{$meta_type}_meta", $mid, $object_id, $meta_key, $_meta_value );
return $mid;
*
* @since 2.9.0
* @uses $wpdb WordPress database object for queries.
- * @uses do_action() Calls 'update_{$meta_type}_meta' before updating metadata with meta_id of
- * metadata entry to update, object ID, meta key, and meta value
- * @uses do_action() Calls 'updated_{$meta_type}_meta' after updating metadata with meta_id of
- * updated metadata entry, object ID, meta key, and meta value
*
* @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
* @param int $object_id ID of the object metadata is for
* @param string $meta_key Metadata key
- * @param string $meta_value Metadata value
- * @param string $prev_value Optional. If specified, only update existing metadata entries with
+ * @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
+ * @param mixed $prev_value Optional. If specified, only update existing metadata entries with
* the specified value. Otherwise, update all entries.
- * @return bool True on successful update, false on failure.
+ * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure.
*/
function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_value = '') {
if ( !$meta_type || !$meta_key )
global $wpdb;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
+ $meta_key = wp_unslash($meta_key);
$passed_value = $meta_value;
- $meta_value = stripslashes_deep($meta_value);
+ $meta_value = wp_unslash($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
+ /**
+ * Filter whether to update metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user). Returning a non-null value
+ * will effectively short-circuit the function.
+ *
+ * @since 3.1.0
+ *
+ * @param null|bool $check Whether to allow updating metadata for the given type.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value. Must be serializable if non-scalar.
+ * @param mixed $prev_value Optional. If specified, only update existing
+ * metadata entries with the specified value.
+ * Otherwise, update all entries.
+ */
$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
if ( null !== $check )
return (bool) $check;
$where['meta_value'] = $prev_value;
}
+ /**
+ * Fires immediately before updating metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 2.9.0
+ *
+ * @param int $meta_id ID of the metadata entry to update.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' == $meta_type )
+ /**
+ * Fires immediately before updating a post's metadata.
+ *
+ * @since 2.9.0
+ *
+ * @param int $meta_id ID of metadata entry to update.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
- $wpdb->update( $table, $data, $where );
+ $result = $wpdb->update( $table, $data, $where );
+ if ( ! $result )
+ return false;
wp_cache_delete($object_id, $meta_type . '_meta');
+ /**
+ * Fires immediately after updating metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 2.9.0
+ *
+ * @param int $meta_id ID of updated metadata entry.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
- if ( 'post' == $meta_type )
+ if ( 'post' == $meta_type ) {
+ /**
+ * Fires immediately after updating a post's metadata.
+ *
+ * @since 2.9.0
+ *
+ * @param int $meta_id ID of updated metadata entry.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
+ }
return true;
}
*
* @since 2.9.0
* @uses $wpdb WordPress database object for queries.
- * @uses do_action() Calls 'deleted_{$meta_type}_meta' after deleting with meta_id of
- * deleted metadata entries, object ID, meta key, and meta value
*
* @param string $meta_type Type of object metadata is for (e.g., comment, post, or user)
* @param int $object_id ID of the object metadata is for
* @param string $meta_key Metadata key
- * @param string $meta_value Optional. Metadata value. If specified, only delete metadata entries
+ * @param mixed $meta_value Optional. Metadata value. Must be serializable if non-scalar. If specified, only delete metadata entries
* with this value. Otherwise, delete all entries with the specified meta_key.
* @param bool $delete_all Optional, default is false. If true, delete matching metadata entries
* for all objects, ignoring the specified object_id. Otherwise, only delete matching
global $wpdb;
- $type_column = esc_sql($meta_type . '_id');
+ $type_column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
- $meta_key = stripslashes($meta_key);
- $meta_value = stripslashes_deep($meta_value);
+ $meta_key = wp_unslash($meta_key);
+ $meta_value = wp_unslash($meta_value);
+ /**
+ * Filter whether to delete metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user). Returning a non-null value
+ * will effectively short-circuit the function.
+ *
+ * @since 3.1.0
+ *
+ * @param null|bool $delete Whether to allow metadata deletion of the given type.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value. Must be serializable if non-scalar.
+ * @param bool $delete_all Whether to delete the matching metadata entries
+ * for all objects, ignoring the specified $object_id.
+ * Default false.
+ */
$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
if ( null !== $check )
return (bool) $check;
if ( $delete_all )
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s", $meta_key ) );
+ /**
+ * Fires immediately before deleting metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 3.1.0
+ *
+ * @param array $meta_ids An array of metadata entry IDs to delete.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
- if ( 'post' == $meta_type )
+ if ( 'post' == $meta_type ) {
+ /**
+ * Fires immediately before deleting metadata for a post.
+ *
+ * @since 2.9.0
+ *
+ * @param array $meta_ids An array of post metadata entry IDs to delete.
+ */
do_action( 'delete_postmeta', $meta_ids );
+ }
$query = "DELETE FROM $table WHERE $id_column IN( " . implode( ',', $meta_ids ) . " )";
wp_cache_delete($object_id, $meta_type . '_meta');
}
+ /**
+ * Fires immediately after deleting metadata of a specific type.
+ *
+ * The dynamic portion of the hook name, $meta_type, refers to the meta
+ * object type (comment, post, or user).
+ *
+ * @since 2.9.0
+ *
+ * @param array $meta_ids An array of deleted metadata entry IDs.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param mixed $meta_value Meta value.
+ */
do_action( "deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
- if ( 'post' == $meta_type )
+ if ( 'post' == $meta_type ) {
+ /**
+ * Fires immediately after deleting metadata for a post.
+ *
+ * @since 2.9.0
+ *
+ * @param array $meta_ids An array of deleted post metadata entry IDs.
+ */
do_action( 'deleted_postmeta', $meta_ids );
+ }
return true;
}
if ( !$object_id = absint($object_id) )
return false;
+ /**
+ * Filter whether to retrieve metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (comment, post, or user). Returning a non-null value
+ * will effectively short-circuit the function.
+ *
+ * @since 3.1.0
+ *
+ * @param null|array|string $value The value get_metadata() should
+ * return - a single metadata value,
+ * or an array of values.
+ * @param int $object_id Object ID.
+ * @param string $meta_key Meta key.
+ * @param string|array $single Meta value, or an array of values.
+ */
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, $single );
if ( null !== $check ) {
if ( $single && is_array( $check ) )
if ( ! $object_id = absint( $object_id ) )
return false;
+ /** This filter is documented in wp-includes/meta.php */
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true );
if ( null !== $check )
- return true;
+ return (bool) $check;
$meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' );
if ( ! $table = _get_meta_table( $meta_type ) )
return false;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// Fetch the meta and go on if it's found.
$where = array();
$where[$id_column] = $meta_id;
+ /** This action is documented in wp-includes/meta.php */
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
- if ( 'post' == $meta_type )
+ if ( 'post' == $meta_type ) {
+ /** This action is documented in wp-includes/meta.php */
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
+ }
// Run the update query, all fields in $data are %s, $where is a %d.
- $result = (bool) $wpdb->update( $table, $data, $where, '%s', '%d' );
+ $result = $wpdb->update( $table, $data, $where, '%s', '%d' );
+ if ( ! $result )
+ return false;
// Clear the caches.
wp_cache_delete($object_id, $meta_type . '_meta');
+ /** This action is documented in wp-includes/meta.php */
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
- if ( 'post' == $meta_type )
+ if ( 'post' == $meta_type ) {
+ /** This action is documented in wp-includes/meta.php */
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
+ }
- return $result;
+ return true;
}
// And if the meta was not found.
return false;
// object and id columns
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// Fetch the meta and go on if it's found.
if ( $meta = get_metadata_by_mid( $meta_type, $meta_id ) ) {
$object_id = $meta->{$column};
+ /** This action is documented in wp-includes/meta.php */
do_action( "delete_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
- if ( 'post' == $meta_type || 'comment' == $meta_type )
+ if ( 'post' == $meta_type || 'comment' == $meta_type ) {
+ /**
+ * Fires immediately before deleting post or comment metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (post or comment).
+ *
+ * @since 3.4.0
+ *
+ * @param int $meta_id ID of the metadata entry to delete.
+ */
do_action( "delete_{$meta_type}meta", $meta_id );
+ }
// Run the query, will return true if deleted, false otherwise
$result = (bool) $wpdb->delete( $table, array( $id_column => $meta_id ) );
// Clear the caches.
wp_cache_delete($object_id, $meta_type . '_meta');
+ /** This action is documented in wp-includes/meta.php */
do_action( "deleted_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
- if ( 'post' == $meta_type || 'comment' == $meta_type )
+ if ( 'post' == $meta_type || 'comment' == $meta_type ) {
+ /**
+ * Fires immediately after deleting post or comment metadata of a specific type.
+ *
+ * The dynamic portion of the hook, $meta_type, refers to the meta
+ * object type (post or comment).
+ *
+ * @since 3.4.0
+ *
+ * @param int $meta_ids Deleted metadata entry ID.
+ */
do_action( "deleted_{$meta_type}meta", $meta_id );
+ }
return $result;
if ( ! $table = _get_meta_table($meta_type) )
return false;
- $column = esc_sql($meta_type . '_id');
+ $column = sanitize_key($meta_type . '_id');
global $wpdb;
return $cache;
// Get meta info
- $id_list = join(',', $ids);
- $meta_list = $wpdb->get_results( $wpdb->prepare("SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list)",
- $meta_type), ARRAY_A );
+ $id_list = join( ',', $ids );
+ $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
+ $meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A );
if ( !empty($meta_list) ) {
foreach ( $meta_list as $metarow) {
* - 'key' string The meta key
* - 'value' string|array The meta value
* - 'compare' (optional) string How to compare the key to the value.
- * Possible values: '=', '!=', '>', '>=', '<', '<=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'.
+ * Possible values: '=', '!=', '>', '>=', '<', '<=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN',
+ * 'BETWEEN', 'NOT BETWEEN', 'REGEXP', 'NOT REGEXP', 'RLIKE'.
* Default: '='
* - 'type' string (optional) The type of the value.
* Possible values: 'NUMERIC', 'BINARY', 'CHAR', 'DATE', 'DATETIME', 'DECIMAL', 'SIGNED', 'TIME', 'UNSIGNED'.
}
// WP_Query sets 'meta_value' = '' by default
- if ( isset( $qv[ 'meta_value' ] ) && '' !== $qv[ 'meta_value' ] )
+ if ( isset( $qv[ 'meta_value' ] ) && '' !== $qv[ 'meta_value' ] && ( ! is_array( $qv[ 'meta_value' ] ) || $qv[ 'meta_value' ] ) )
$meta_query[0]['value'] = $qv[ 'meta_value' ];
if ( !empty( $qv['meta_query'] ) && is_array( $qv['meta_query'] ) ) {
$this->__construct( $meta_query );
}
+ /**
+ * Given a meta type, return the appropriate alias if applicable
+ *
+ * @since 3.7.0
+ *
+ * @param string $type MySQL type to cast meta_value
+ * @return string MySQL type
+ */
+ function get_cast_for_type( $type = '' ) {
+ if ( empty( $type ) )
+ return 'CHAR';
+
+ $meta_type = strtoupper( $type );
+
+ if ( ! preg_match( '/^(?:BINARY|CHAR|DATE|DATETIME|SIGNED|UNSIGNED|TIME|NUMERIC(?:\(\d+(?:,\s?\d+)?\))?|DECIMAL(?:\(\d+(?:,\s?\d+)?\))?)$/', $meta_type ) )
+ return 'CHAR';
+
+ if ( 'NUMERIC' == $meta_type )
+ $meta_type = 'SIGNED';
+
+ return $meta_type;
+ }
+
/**
* Generates SQL clauses to be appended to a main query.
*
if ( ! $meta_table = _get_meta_table( $type ) )
return false;
- $meta_id_column = esc_sql( $type . '_id' );
+ $meta_id_column = sanitize_key( $type . '_id' );
$join = array();
$where = array();
$key_only_queries = array();
$queries = array();
+ // Split out the queries with empty arrays as value
+ foreach ( $this->queries as $k => $q ) {
+ if ( isset( $q['value'] ) && is_array( $q['value'] ) && empty( $q['value'] ) ) {
+ $key_only_queries[$k] = $q;
+ unset( $this->queries[$k] );
+ }
+ }
+
// Split out the meta_key only queries (we can only do this for OR)
if ( 'OR' == $this->relation ) {
foreach ( $this->queries as $k => $q ) {
- if ( ! isset( $q['value'] ) && ! empty( $q['key'] ) )
+ if ( ( empty( $q['compare'] ) || 'NOT EXISTS' != $q['compare'] ) && ! array_key_exists( 'value', $q ) && ! empty( $q['key'] ) )
$key_only_queries[$k] = $q;
else
$queries[$k] = $q;
foreach ( $queries as $k => $q ) {
$meta_key = isset( $q['key'] ) ? trim( $q['key'] ) : '';
- $meta_type = isset( $q['type'] ) ? strtoupper( $q['type'] ) : 'CHAR';
+ $meta_type = $this->get_cast_for_type( isset( $q['type'] ) ? $q['type'] : '' );
- if ( 'NUMERIC' == $meta_type )
- $meta_type = 'SIGNED';
- elseif ( ! in_array( $meta_type, array( 'BINARY', 'CHAR', 'DATE', 'DATETIME', 'DECIMAL', 'SIGNED', 'TIME', 'UNSIGNED' ) ) )
- $meta_type = 'CHAR';
+ if ( array_key_exists( 'value', $q ) && is_null( $q['value'] ) )
+ $q['value'] = '';
$meta_value = isset( $q['value'] ) ? $q['value'] : null;
'LIKE', 'NOT LIKE',
'IN', 'NOT IN',
'BETWEEN', 'NOT BETWEEN',
- 'NOT EXISTS'
+ 'NOT EXISTS',
+ 'REGEXP', 'NOT REGEXP', 'RLIKE'
) ) )
$meta_compare = '=';
if ( ! empty( $join ) )
$join = ' ' . $join;
+ /**
+ * Filter the meta query's generated SQL.
+ *
+ * @since 3.1.0
+ *
+ * @param array $args {
+ * An array of arguments.
+ *
+ * @type array $clauses Array containing the query's JOIN and WHERE clauses.
+ * @type array $queries Array of meta queries.
+ * @type string $type Type of meta.
+ * @type string $primary_table Primary table.
+ * @type string $primary_id_column Primary column ID.
+ * @type object $context The main query object.
+ * }
+ */
return apply_filters_ref_array( 'get_meta_sql', array( compact( 'join', 'where' ), $this->queries, $type, $primary_table, $primary_id_column, $context ) );
}
}
}
/**
- * Determine whether a meta key is protected
+ * Determine whether a meta key is protected.
*
* @since 3.1.3
*
function is_protected_meta( $meta_key, $meta_type = null ) {
$protected = ( '_' == $meta_key[0] );
+ /**
+ * Filter whether a meta key is protected.
+ *
+ * @since 3.2.0
+ *
+ * @param bool $protected Whether the key is protected. Default false.
+ * @param string $meta_key Meta key.
+ * @param string $meta_type Meta type.
+ */
return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
}
/**
- * Sanitize meta value
+ * Sanitize meta value.
*
* @since 3.1.3
*
* @return mixed Sanitized $meta_value
*/
function sanitize_meta( $meta_key, $meta_value, $meta_type ) {
+
+ /**
+ * Filter the sanitization of a specific meta key of a specific meta type.
+ *
+ * The dynamic portions of the hook name, $meta_type and $meta_key, refer to the
+ * metadata object type (comment, post, or user) and the meta key value,
+ * respectively.
+ *
+ * @since 3.3.0
+ *
+ * @param mixed $meta_value Meta value to sanitize.
+ * @param string $meta_key Meta key.
+ * @param string $meta_type Meta type.
+ */
return apply_filters( "sanitize_{$meta_type}_meta_{$meta_key}", $meta_value, $meta_key, $meta_type );
}