vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Customize: Add additional filters to Customizer to prevent JSON corruption.

Browse Source 
This solution extends the wp_insert_post_data filter to pass in addition to the slashed/sanitized/processed data, and the slashed/sanitized/unprocessed data, to also pass the initial slashed/unsanitized/unprocessed data which was passed into wp_insert_post(). This then allows plugins to have complete control over how sanitization is performed based on the post type.

Props westonruter, peterwilsoncc, sstoqnov, whyisjake, xknown.
 


git-svn-id: https://develop.svn.wordpress.org/trunk@47633 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock
2020-04-29 15:12:50 +00:00
parent 833ce3b15b
commit cfb690cb8e
3 changed files with 232 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/wp-includes/post.php
View File

@@ -3594,6 +3594,9 @@ function wp_get_recent_posts( $args = array(), $output = ARRAY_A ) {
function wp_insert_post( $postarr, $wp_error = false ) {
global $wpdb;
// Capture original pre-sanitized array for passing into filters.
$unsanitized_postarr = $postarr;
$user_id = get_current_user_id();
$defaults = array(
@@ -3918,21 +3921,27 @@ function wp_insert_post( $postarr, $wp_error = false ) {
* Filters attachment post data before it is updated in or added to the database.
*
* @since 3.9.0
* @since 5.4.1 `$unsanitized_postarr` argument added.
*
* @param array $data An array of sanitized attachment post data.
* @param array $postarr An array of unsanitized attachment post data.
* @param array $data An array of slashed, sanitized, and processed attachment post data.
* @param array $postarr An array of slashed and sanitized attachment post data, but not processed.
* @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
* as originally passed to wp_insert_post().
*/
$data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
$data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
} else {
/**
* Filters slashed post data just before it is inserted into the database.
*
* @since 2.7.0
* @since 5.4.1 `$unsanitized_postarr` argument added.
*
* @param array $data An array of slashed post data.
* @param array $postarr An array of sanitized, but otherwise unmodified post data.
* @param array $data An array of slashed, sanitized, and processed post data.
* @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data.
* @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
* originally passed to wp_insert_post().
*/
$data = apply_filters( 'wp_insert_post_data', $data, $postarr );
$data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
}
$data = wp_unslash( $data );
$where = array( 'ID' => $post_ID );