From 745018d81ac5ff87a3b987ff305e2504094b3f85 Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Sat, 16 Apr 2016 14:51:01 +0000
Subject: [PATCH] In `sanitize_post_field()`, only run 'attribute' or 'js' escaping when necessary. Props tfrommen. Fixes #34900.
git-svn-id: https://develop.svn.wordpress.org/trunk@37220 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/post.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/wp-includes/post.php b/src/wp-includes/post.php
index ccb11de728..72ffc8dc37 100644
--- a/src/wp-includes/post.php
+++ b/src/wp-includes/post.php
@@ -2139,12 +2139,13 @@ function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) {
 } else {
 $value = apply_filters( "post_{$field}", $value, $post_id, $context );
 }
- }

- if ( 'attribute' == $context )
- $value = esc_attr($value);
- elseif ( 'js' == $context )
- $value = esc_js($value);
+ if ( 'attribute' == $context ) {
+ $value = esc_attr( $value );
+ } elseif ( 'js' == $context ) {
+ $value = esc_js( $value );
+ }
+ }

 return $value;
 }
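Review bot: The `esc_attr()` / `esc_js()` calls now sit inside the enclosing block that closes with the added `}`, so escaping for the 'attribute' and 'js' contexts depends on the earlier branches never handling those two values. Those branches start above this hunk, and nothing in the new code states or enforces that invariant. I would add a comment above the new `if`, for example `// Escape last, after the display filters; only this branch can see the 'attribute' and 'js' contexts.`, so a later branch or early return cannot silently bypass the escaping. A unit test should also assert that `sanitize_post_field()` returns escaped output for both contexts, including a value containing quotes and angle brackets. Keeping the escaping after `apply_filters()` is the right order and is worth stating in that comment, because a filter callback running afterwards could reintroduce unescaped markup.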