Customize: Fix previewing and updating of nav menu items containing slashed/slashable characters.

Prevents slashes from being added when a user without `unfiltered_html` previews a nav menu item containing an apostrophe or some other slashable character, and prevents the loss of an intentional slash (e.g. "\o/") when saving a nav menu item, regardless of capability.

Fixes #35869.

Built from https://develop.svn.wordpress.org/trunk@36608


git-svn-id: http://core.svn.wordpress.org/trunk@36575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Weston Ruter 2016-02-22 00:14:25 +00:00
parent 04da8bb63a
commit b206327acb
3 changed files with 8 additions and 5 deletions

View File

@ -639,9 +639,9 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
$menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] ); $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
// Apply the same filters as when calling wp_insert_post(). // Apply the same filters as when calling wp_insert_post().
$menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] ); $menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );
$menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] ); $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );
$menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] ); $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
$menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
if ( 'publish' !== $menu_item_value['status'] ) { if ( 'publish' !== $menu_item_value['status'] ) {
@ -776,7 +776,7 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
$r = wp_update_nav_menu_item( $r = wp_update_nav_menu_item(
$value['nav_menu_term_id'], $value['nav_menu_term_id'],
$is_placeholder ? 0 : $this->post_id, $is_placeholder ? 0 : $this->post_id,
$menu_item_data wp_slash( $menu_item_data )
); );
if ( is_wp_error( $r ) ) { if ( is_wp_error( $r ) ) {

View File

@ -344,6 +344,9 @@ function wp_update_nav_menu_object( $menu_id = 0, $menu_data = array() ) {
/** /**
* Save the properties of a menu item or create a new one. * Save the properties of a menu item or create a new one.
* *
* The menu-item-title, menu-item-description, and menu-item-attr-title are expected
* to be pre-slashed since they are passed directly into <code>wp_insert_post()</code>.
*
* @since 3.0.0 * @since 3.0.0
* *
* @param int $menu_id The ID of the menu. Required. If "0", makes the menu item a draft orphan. * @param int $menu_id The ID of the menu. Required. If "0", makes the menu item a draft orphan.

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.5-alpha-36607'; $wp_version = '4.5-alpha-36608';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.