Bail early with correct WP_Error when an invalid post ID is passed to wp_insert_post() and wp_update_post().

Props simonwheatley
fixes #23474


git-svn-id: http://core.svn.wordpress.org/trunk@23740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2013-03-18 14:33:09 +00:00
parent 469d1a3099
commit 77f431ec4c
1 changed files with 19 additions and 10 deletions

View File

@ -2635,9 +2635,21 @@ function wp_insert_post($postarr, $wp_error = false) {
extract($postarr, EXTR_SKIP); extract($postarr, EXTR_SKIP);
// Are we updating or creating? // Are we updating or creating?
$post_ID = 0;
$update = false; $update = false;
if ( ! empty( $ID ) ) { if ( ! empty( $ID ) ) {
$update = true; $update = true;
// Get the post ID and GUID
$post_ID = $ID;
$post_before = get_post( $post_ID );
if ( is_null( $post_before ) ) {
if ( $wp_error )
return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
return 0;
}
$guid = get_post_field( 'guid', $post_ID );
$previous_status = get_post_field('post_status', $ID); $previous_status = get_post_field('post_status', $ID);
} else { } else {
$previous_status = 'new'; $previous_status = 'new';
@ -2673,15 +2685,6 @@ function wp_insert_post($postarr, $wp_error = false) {
if ( empty($post_author) ) if ( empty($post_author) )
$post_author = $user_ID; $post_author = $user_ID;
$post_ID = 0;
// Get the post ID and GUID
if ( $update ) {
$post_ID = (int) $ID;
$guid = get_post_field( 'guid', $post_ID );
$post_before = get_post($post_ID);
}
// Don't allow contributors to set the post slug for pending review posts // Don't allow contributors to set the post slug for pending review posts
if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) ) if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )
$post_name = ''; $post_name = '';
@ -2894,6 +2897,12 @@ function wp_update_post( $postarr = array(), $wp_error = false ) {
// First, get all of the original fields // First, get all of the original fields
$post = get_post($postarr['ID'], ARRAY_A); $post = get_post($postarr['ID'], ARRAY_A);
if ( is_null( $post ) ) {
if ( $wp_error )
return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
return 0;
}
// Escape data pulled from DB. // Escape data pulled from DB.
$post = wp_slash($post); $post = wp_slash($post);