From 318fec4dcd65ddd4a36ac0f875dd638e4edb27fe Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Sat, 2 Jul 2016 18:39:30 +0000 Subject: [PATCH] Customize: Reverse order of setting sanitization/validation, validating prior to sanitizing. Reverses order where sanitization was being applied before validation originally in accordance with REST API logic. Props westonruter, schlessera. See #34893. See #37192. Fixes #37247. Built from https://develop.svn.wordpress.org/trunk@37942 git-svn-id: http://core.svn.wordpress.org/trunk@37883 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-customize-manager.php | 21 +++++++++++++++------ wp-includes/version.php | 2 +- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index 60b07a83f1..761e3216ee 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -670,14 +670,15 @@ final class WP_Customize_Manager { if ( ! array_key_exists( $setting->id, $post_values ) ) { return $default; } - $value = $setting->sanitize( $post_values[ $setting->id ] ); - if ( is_null( $value ) || is_wp_error( $value ) ) { - return $default; - } + $value = $post_values[ $setting->id ]; $valid = $setting->validate( $value ); if ( is_wp_error( $valid ) ) { return $default; } + $value = $setting->sanitize( $value ); + if ( is_null( $value ) || is_wp_error( $value ) ) { + return $default; + } return $value; } @@ -1007,8 +1008,16 @@ final class WP_Customize_Manager { if ( ! $setting || is_null( $unsanitized_value ) ) { continue; } - $validity = $setting->validate( $setting->sanitize( $unsanitized_value ) ); - if ( false === $validity || null === $validity ) { + $validity = $setting->validate( $unsanitized_value ); + if ( ! is_wp_error( $validity ) ) { + $value = $setting->sanitize( $unsanitized_value ); + if ( is_null( $value ) ) { + $validity = false; + } elseif ( is_wp_error( $value ) ) { + $validity = $value; + } + } + if ( false === $validity ) { $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); } $validities[ $setting_id ] = $validity; diff --git a/wp-includes/version.php b/wp-includes/version.php index 5b497ead4e..9fdc7479e6 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6-beta1-37941'; +$wp_version = '4.6-beta1-37942'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.