Customize: Improve alignment of `WP_Customize_Nav_Menu_Item_Setting::sanitize()` behavior with `wp_update_nav_menu_item()`.

* Apply `title_save_pre`, `excerpt_save_pre`, and `content_save_pre` filters on a nav menu item's `title`, `attr_title`, and `description` properties respectively. This ensures that arbitrary markup can be supplied if the user has the `unfiltered_html` cap, and that these fields have markup stripped if not.
* Ensure a nav menu item's `post_status` is sanitized as `publish` or `draft` using the same conditions as `wp_update_nav_menu_item()`.
* Align `WP_Customize_Nav_Menu_Item_Setting::sanitize()` behavior for sanitizing `position` to be the same as `wp_update_nav_menu_item()`.
* Also apply `nav_menu_attr_title` and `nav_menu_description` filters in `WP_Customize_Nav_Menu_Item_Setting::value_as_wp_post_nav_menu_item()` to ensure that previewing markup entered into menu item description will preview the same way as when the nav menu item is saved.
* Add unit tests.

Fixes #32812.

Built from https://develop.svn.wordpress.org/trunk@35580


git-svn-id: http://core.svn.wordpress.org/trunk@35544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Weston Ruter 2015-11-09 00:48:26 +00:00
parent f47801d504
commit c470b872bd
2 changed files with 16 additions and 8 deletions


@ -572,6 +572,12 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
} }
} }
/** This filter is documented in wp-includes/nav-menu.php */
$post->attr_title = apply_filters( 'nav_menu_attr_title', $post->attr_title );
/** This filter is documented in wp-includes/nav-menu.php */
$post->description = apply_filters( 'nav_menu_description', wp_trim_words( $post->description, 200 ) );
return $post; return $post;
} }
@ -619,7 +625,7 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
); );
$menu_item_value = array_merge( $default, $menu_item_value ); $menu_item_value = array_merge( $default, $menu_item_value );
$menu_item_value = wp_array_slice_assoc( $menu_item_value, array_keys( $default ) ); $menu_item_value = wp_array_slice_assoc( $menu_item_value, array_keys( $default ) );
$menu_item_value['position'] = max( 0, intval( $menu_item_value['position'] ) ); $menu_item_value['position'] = intval( $menu_item_value['position'] );
foreach ( array( 'object_id', 'menu_item_parent', 'nav_menu_term_id' ) as $key ) { foreach ( array( 'object_id', 'menu_item_parent', 'nav_menu_term_id' ) as $key ) {
// Note we need to allow negative-integer IDs for previewed objects not inserted yet. // Note we need to allow negative-integer IDs for previewed objects not inserted yet.
@ -638,14 +644,16 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
$menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) ); $menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) );
} }
foreach ( array( 'title', 'attr_title', 'description', 'original_title' ) as $key ) { $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
// @todo Should esc_attr() the attr_title as well?
$menu_item_value[ $key ] = sanitize_text_field( $menu_item_value[ $key ] ); // Apply the same filters as when calling wp_insert_post().
} $menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] );
$menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] );
$menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] );
$menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] ); $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
if ( ! get_post_status_object( $menu_item_value['status'] ) ) { if ( 'publish' !== $menu_item_value['status'] ) {
$menu_item_value['status'] = 'publish'; $menu_item_value['status'] = 'draft';
} }
$menu_item_value['_invalid'] = (bool) $menu_item_value['_invalid']; $menu_item_value['_invalid'] = (bool) $menu_item_value['_invalid'];
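Review bot: The three `apply_filters()` calls in the third hunk (`title_save_pre`, `excerpt_save_pre`, `content_save_pre`) replace an unconditional `sanitize_text_field()`, so stripping of markup now depends entirely on which callbacks are hooked when `sanitize()` runs, and the new comment does not say that. If the kses callbacks are not attached at that point (presumably the case for users with `unfiltered_html`, per the commit message), `title`, `attr_title` and `description` are stored as supplied. I would extend the comment to `// Apply the same filters as wp_insert_post(); markup is stripped only if kses is hooked on them, so these values must be escaped on output.` The removed `@todo` about `esc_attr()` on `attr_title` is dropped without an answer, so it is worth confirming that the render path escapes that attribute. The enclosing method begins and ends outside the hunk.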


@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.4-beta3-35579'; $wp_version = '4.4-beta3-35580';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.