From 374a4891660eb0b56811b258c643e47e3b93376f Mon Sep 17 00:00:00 2001 From: Boone Gorges Date: Sat, 16 Apr 2016 14:51:28 +0000 Subject: [PATCH] In `sanitize_post_field()`, only run 'attribute' or 'js' escaping when necessary. Props tfrommen. Fixes #34900. Built from https://develop.svn.wordpress.org/trunk@37220 git-svn-id: http://core.svn.wordpress.org/trunk@37186 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/post.php | 11 ++++++----- wp-includes/version.php | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/wp-includes/post.php b/wp-includes/post.php index ccb11de728..72ffc8dc37 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -2139,12 +2139,13 @@ function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { } else { $value = apply_filters( "post_{$field}", $value, $post_id, $context ); } - } - if ( 'attribute' == $context ) - $value = esc_attr($value); - elseif ( 'js' == $context ) - $value = esc_js($value); + if ( 'attribute' == $context ) { + $value = esc_attr( $value ); + } elseif ( 'js' == $context ) { + $value = esc_js( $value ); + } + } return $value; } diff --git a/wp-includes/version.php b/wp-includes/version.php index abefeb79eb..aaaabe6d3f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6-alpha-37219'; +$wp_version = '4.6-alpha-37220'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.