WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: Respect unfiltered_html for HTML comment fields. 

Same as [39155], but for comments, natch.

Props jnylen0.
Fixes #38704, see #38609.

Built from https://develop.svn.wordpress.org/trunk@39157


git-svn-id: http://core.svn.wordpress.org/trunk@39097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan McCue 2016-11-08 06:36:31 +00:00
parent 1239980fad
commit caabc52753
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
View File

@ -520,7 +520,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
*/ */
$prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request ); $prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
$comment_id = wp_insert_comment( $prepared_comment ); $comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );
if ( ! $comment_id ) { if ( ! $comment_id ) {
return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) ); return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) );
@ -644,7 +644,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
} }
$updated = wp_update_comment( $prepared_args ); $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
if ( 0 === $updated ) { if ( 0 === $updated ) {
return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
@ -995,9 +995,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
* the 'content.raw' properties of the Request object. * the 'content.raw' properties of the Request object.
*/ */
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) { if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
$prepared_comment['comment_content'] = wp_filter_kses( $request['content'] ); $prepared_comment['comment_content'] = $request['content'];
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) { } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
$prepared_comment['comment_content'] = wp_filter_kses( $request['content']['raw'] ); $prepared_comment['comment_content'] = $request['content']['raw'];
} }
if ( isset( $request['post'] ) ) { if ( isset( $request['post'] ) ) {

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.7-beta2-39156'; $wp_version = '4.7-beta2-39157';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.