WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Escape posts passed as objects. Props Denis-de-Bernardy. fixes #9727 

git-svn-id: http://svn.automattic.com/wordpress/trunk@11344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-05-15 21:27:39 +00:00
parent acd92c27ab
commit 603abd463e
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wp-includes/post.php
View File

@ -1611,12 +1611,15 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
* *
* @since 1.0.0 * @since 1.0.0
* *
* @param array|object $postarr Post data. * @param array|object $postarr Post data. Arrays are expected to be escaped, objects are not.
* @return int 0 on failure, Post ID on success. * @return int 0 on failure, Post ID on success.
*/ */
function wp_update_post($postarr = array()) { function wp_update_post($postarr = array()) {
if ( is_object($postarr) ) if ( is_object($postarr) ) {
// non-escaped post was passed
$postarr = get_object_vars($postarr); $postarr = get_object_vars($postarr);
$postarr = add_magic_quotes($postarr);
}
// First, get all of the original fields // First, get all of the original fields
$post = wp_get_single_post($postarr['ID'], ARRAY_A); $post = wp_get_single_post($postarr['ID'], ARRAY_A);