Customize: Prevent dropping backslashes from input on general settings and settings for nav menus and some widgets.
Ensures that intentional backslashes (e.g. "\o/") can be used in: * Site title * Site description * Nav menu name * Custom Menu widget title * Tag Cloud widget title * Text widget body if the user lacks the `unfiltered_html` capability. The latter three are also fixed on the widgets admin page. Fixes #35898. Built from https://develop.svn.wordpress.org/trunk@36622 git-svn-id: http://core.svn.wordpress.org/trunk@36589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e512f158df
commit
aa9ef96a52
|
@ -496,7 +496,6 @@ class WP_Customize_Setting {
|
||||||
* @return string|array|null Null if an input isn't valid, otherwise the sanitized value.
|
* @return string|array|null Null if an input isn't valid, otherwise the sanitized value.
|
||||||
*/
|
*/
|
||||||
public function sanitize( $value ) {
|
public function sanitize( $value ) {
|
||||||
$value = wp_unslash( $value );
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filter a Customize setting value in un-slashed form.
|
* Filter a Customize setting value in un-slashed form.
|
||||||
|
|
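Review bot: With the `wp_unslash()` call gone from the top of `sanitize()`, the method now trusts every caller to hand it an already-unslashed value, and the visible part of the docblock (only the `@return` line is in this hunk) does not say so. A caller that still passes slashed request data would presumably have the extra backslashes carried through the sanitize filter and stored, so the expectation is worth stating on the parameter, for example `* @param string|array $value The value to sanitize, expected to be unslashed.` The existing comment `Filter a Customize setting value in un-slashed form.` is now true only under that contract. The docblock and the body of `sanitize()` both extend outside the hunk.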
|
@ -513,14 +513,14 @@ class WP_Customize_Nav_Menu_Setting extends WP_Customize_Setting {
|
||||||
$menu_data['menu-name'] = $value['name'];
|
$menu_data['menu-name'] = $value['name'];
|
||||||
|
|
||||||
$menu_id = $is_placeholder ? 0 : $this->term_id;
|
$menu_id = $is_placeholder ? 0 : $this->term_id;
|
||||||
$r = wp_update_nav_menu_object( $menu_id, $menu_data );
|
$r = wp_update_nav_menu_object( $menu_id, wp_slash( $menu_data ) );
|
||||||
$original_name = $menu_data['menu-name'];
|
$original_name = $menu_data['menu-name'];
|
||||||
$name_conflict_suffix = 1;
|
$name_conflict_suffix = 1;
|
||||||
while ( is_wp_error( $r ) && 'menu_exists' === $r->get_error_code() ) {
|
while ( is_wp_error( $r ) && 'menu_exists' === $r->get_error_code() ) {
|
||||||
$name_conflict_suffix += 1;
|
$name_conflict_suffix += 1;
|
||||||
/* translators: 1: original menu name, 2: duplicate count */
|
/* translators: 1: original menu name, 2: duplicate count */
|
||||||
$menu_data['menu-name'] = sprintf( __( '%1$s (%2$d)' ), $original_name, $name_conflict_suffix );
|
$menu_data['menu-name'] = sprintf( __( '%1$s (%2$d)' ), $original_name, $name_conflict_suffix );
|
||||||
$r = wp_update_nav_menu_object( $menu_id, $menu_data );
|
$r = wp_update_nav_menu_object( $menu_id, wp_slash( $menu_data ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( is_wp_error( $r ) ) {
|
if ( is_wp_error( $r ) ) {
|
||||||
|
|
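Review bot: Both `wp_update_nav_menu_object()` calls, the first one and the retry inside the `menu_exists` loop, now wrap `$menu_data` in `wp_slash()`, but nothing at the call site says why, so a later edit to this loop could add another call without it. A one-line comment above the first call would carry the reason, e.g. `// wp_update_nav_menu_object() expects slashed data; $menu_data itself stays unslashed.` Keeping `$menu_data` unslashed matters because `$original_name` is read back from it for the `sprintf()` that builds the de-duplicated name. The enclosing method starts and ends outside the hunk.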
|
@ -196,12 +196,15 @@ function is_nav_menu_item( $menu_item_id = 0 ) {
|
||||||
/**
|
/**
|
||||||
* Creates a navigation menu.
|
* Creates a navigation menu.
|
||||||
*
|
*
|
||||||
|
* Note that <code>$menu_name</code> is expected to be pre-slashed.
|
||||||
|
*
|
||||||
* @since 3.0.0
|
* @since 3.0.0
|
||||||
*
|
*
|
||||||
* @param string $menu_name Menu name.
|
* @param string $menu_name Menu name.
|
||||||
* @return int|WP_Error Menu ID on success, WP_Error object on failure.
|
* @return int|WP_Error Menu ID on success, WP_Error object on failure.
|
||||||
*/
|
*/
|
||||||
function wp_create_nav_menu( $menu_name ) {
|
function wp_create_nav_menu( $menu_name ) {
|
||||||
|
// expected_slashed ($menu_name)
|
||||||
return wp_update_nav_menu_object( 0, array( 'menu-name' => $menu_name ) );
|
return wp_update_nav_menu_object( 0, array( 'menu-name' => $menu_name ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -252,6 +255,8 @@ function wp_delete_nav_menu( $menu ) {
|
||||||
/**
|
/**
|
||||||
* Save the properties of a menu or create a new menu with those properties.
|
* Save the properties of a menu or create a new menu with those properties.
|
||||||
*
|
*
|
||||||
|
* Note that <code>$menu_data</code> is expected to be pre-slashed.
|
||||||
|
*
|
||||||
* @since 3.0.0
|
* @since 3.0.0
|
||||||
*
|
*
|
||||||
* @param int $menu_id The ID of the menu or "0" to create a new menu.
|
* @param int $menu_id The ID of the menu or "0" to create a new menu.
|
||||||
|
@ -259,6 +264,7 @@ function wp_delete_nav_menu( $menu ) {
|
||||||
* @return int|WP_Error Menu ID on success, WP_Error object on failure.
|
* @return int|WP_Error Menu ID on success, WP_Error object on failure.
|
||||||
*/
|
*/
|
||||||
function wp_update_nav_menu_object( $menu_id = 0, $menu_data = array() ) {
|
function wp_update_nav_menu_object( $menu_id = 0, $menu_data = array() ) {
|
||||||
|
// expected_slashed ($menu_data)
|
||||||
$menu_id = (int) $menu_id;
|
$menu_id = (int) $menu_id;
|
||||||
|
|
||||||
$_menu = wp_get_nav_menu_object( $menu_id );
|
$_menu = wp_get_nav_menu_object( $menu_id );
|
||||||
|
|
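Review bot: The slashing expectation for `wp_create_nav_menu()` and `wp_update_nav_menu_object()` is stated only in the long description and in the `// expected_slashed (...)` body comments, while the visible `@param` line still says just `Menu name.` Suggest putting it on the tags as well, e.g. `* @param string $menu_name Menu name, expected to be slashed.`, with the equivalent on the `$menu_data` tag, which lies between the second and third hunks and is not visible here. Because the contract is documented rather than enforced, a caller that passes an unslashed name will presumably lose intentional backslashes again, so the wording should be hard to miss. The body of `wp_update_nav_menu_object()` continues past the last hunk.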
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.5-alpha-36621';
|
$wp_version = '4.5-alpha-36622';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
|
@ -92,7 +92,7 @@
|
||||||
public function update( $new_instance, $old_instance ) {
|
public function update( $new_instance, $old_instance ) {
|
||||||
$instance = array();
|
$instance = array();
|
||||||
if ( ! empty( $new_instance['title'] ) ) {
|
if ( ! empty( $new_instance['title'] ) ) {
|
||||||
$instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ) );
|
$instance['title'] = sanitize_text_field( $new_instance['title'] );
|
||||||
}
|
}
|
||||||
if ( ! empty( $new_instance['nav_menu'] ) ) {
|
if ( ! empty( $new_instance['nav_menu'] ) ) {
|
||||||
$instance['nav_menu'] = (int) $new_instance['nav_menu'];
|
$instance['nav_menu'] = (int) $new_instance['nav_menu'];
|
||||||
|
|
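Review bot: `update()` now feeds `$new_instance['title']` to `sanitize_text_field()` without `stripslashes()`, which is only correct if the widget framework always delivers `$new_instance` unslashed, and that precondition is not written down anywhere in the hunk. The same applies to the `update()` hunks for `WP_Widget_Tag_Cloud` and `WP_Widget_Text`, where the non-`unfiltered_html` branch hands the text straight to `wp_kses_post()`. A sentence in each method's docblock would make the contract explicit, for example `* $new_instance is expected to be unslashed.` The docblock and the end of this method are outside the hunk.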
|
@ -98,7 +98,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
|
||||||
*/
|
*/
|
||||||
public function update( $new_instance, $old_instance ) {
|
public function update( $new_instance, $old_instance ) {
|
||||||
$instance = array();
|
$instance = array();
|
||||||
$instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ) );
|
$instance['title'] = sanitize_text_field( $new_instance['title'] );
|
||||||
$instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
|
$instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
|
||||||
return $instance;
|
return $instance;
|
||||||
}
|
}
|
||||||
|
|
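Review bot: The line after the changed one still runs `stripslashes()` on `$new_instance['taxonomy']`, so within the same method the title is treated as unslashed input and the taxonomy as slashed input. If `$new_instance` arrives unslashed, as the title change assumes, the remaining `stripslashes()` is a second unslash and should go: `$instance['taxonomy'] = $new_instance['taxonomy'];`. The value is also stored without any check that it names a real taxonomy; unless that is enforced where the widget is rendered, which is not visible here, a `taxonomy_exists()` guard in `update()` would be the place for it.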
|
@ -80,10 +80,11 @@ class WP_Widget_Text extends WP_Widget {
|
||||||
public function update( $new_instance, $old_instance ) {
|
public function update( $new_instance, $old_instance ) {
|
||||||
$instance = $old_instance;
|
$instance = $old_instance;
|
||||||
$instance['title'] = sanitize_text_field( $new_instance['title'] );
|
$instance['title'] = sanitize_text_field( $new_instance['title'] );
|
||||||
if ( current_user_can('unfiltered_html') )
|
if ( current_user_can( 'unfiltered_html' ) ) {
|
||||||
$instance['text'] = $new_instance['text'];
|
$instance['text'] = $new_instance['text'];
|
||||||
else
|
} else {
|
||||||
$instance['text'] = wp_kses_post( stripslashes( $new_instance['text'] ) );
|
$instance['text'] = wp_kses_post( $new_instance['text'] );
|
||||||
|
}
|
||||||
$instance['filter'] = ! empty( $new_instance['filter'] );
|
$instance['filter'] = ! empty( $new_instance['filter'] );
|
||||||
return $instance;
|
return $instance;
|
||||||
}
|
}
|
||||||
|
|