[wp-trac] [WordPress Trac] #25023: WordPress 3.6 deleting data on custom post meta
WordPress Trac
noreply at wordpress.org
Wed Aug 28 21:27:01 UTC 2013
#25023: WordPress 3.6 deleting data on custom post meta
----------------------------+--------------------
Reporter: cdwharton | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6.1
Component: Administration | Version: 3.6
Severity: critical | Resolution:
Keywords: |
----------------------------+--------------------
Comment (by johnbillion):
Replying to [comment:32 WraithKenny]:
> Back to the bug, the example code fails to check for Nonce, doesn't
check for revision, doesn't sanitize or validate data... seems like a very
rare edge-case. Plenty example code out there leaves out some checks, but
all of that? I don't think it's worth fixing.
Just to clarify for OP's benefit, the root cause of the problem with the
example code is that it's not checking for `isset($_POST['bug'])`. This
causes the meta data to be updated with an empty value when the
`save_post` hook fires and there's nothing in `$_POST`.
The example code is broken, no doubt about it. It will break when Quick
Edit is used, for example, along with any other time that
`wp_update_post()` gets called, which could be any number of places in
other plugins.
What's currently being discussed in IRC is whether core needs to handle
this situation due to prevalence of code like this.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25023#comment:33>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list