WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

In `wp_ajax_add_meta()`, do not juggle the value of `$_POST` and alter it directly. This was done so that `edit_post()` could pull `$_POST` out of the air by-reference and alter it (equally as bad). `edit_post()` accepts a `$post_data` array. Do that instead. 

See #33491.

Built from https://develop.svn.wordpress.org/trunk@33697


git-svn-id: http://core.svn.wordpress.org/trunk@33664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-08-21 18:13:24 +00:00
parent cb2879b9d4
commit 0fa7f817c4
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
wp-admin/includes/ajax-actions.php
View File

@ -1194,16 +1194,16 @@ function wp_ajax_add_meta() {
// If the post is an autodraft, save the post as a draft and then attempt to save the meta.
if ( $post->post_status == 'auto-draft' ) {
$save_POST = $_POST; // Backup $_POST
$_POST = array(); // Make it empty for edit_post()
$_POST['action'] = 'draft'; // Warning fix
$_POST['post_ID'] = $pid;
$_POST['post_type'] = $post->post_type;
$_POST['post_status'] = 'draft';
$post_data = array();
$post_data['action'] = 'draft'; // Warning fix
$post_data['post_ID'] = $pid;
$post_data['post_type'] = $post->post_type;
$post_data['post_status'] = 'draft';
$now = current_time('timestamp', 1);
$_POST['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );
$post_data['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );
if ( $pid = edit_post() ) {
$pid = edit_post( $post_data );
if ( $pid ) {
if ( is_wp_error( $pid ) ) {
$x = new WP_Ajax_Response( array(
'what' => 'meta',
@ -1211,7 +1211,7 @@ function wp_ajax_add_meta() {
) );
$x->send();
}
$_POST = $save_POST; // Now we can restore original $_POST again
if ( !$mid = add_meta( $pid ) )
wp_die( __( 'Please provide a custom field value.' ) );
} else {

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.4-alpha-33696';
$wp_version = '4.4-alpha-33697';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.