Ticket #19373: 19373.diff

wp-includes/post.php

@@ -2680 +2680 @@
  *
  * @param array $postarr Elements that make up post to insert.
  * @param bool $wp_error Optional. Allow return of WP_Error on failure.
+ * @param bool $sanitize Optional. Run "current user" sanitization routines on $postarr.
  * @return int|WP_Error The value 0 or WP_Error on failure. The post ID on success.
  */
-function wp_insert_post($postarr, $wp_error = false) {
+function wp_insert_post( $postarr, $wp_error = false, $sanitize = true ) {
         global $wpdb, $user_ID;
 
         $defaults = array('post_status' => 'draft', 'post_type' => 'post', 'post_author' => $user_ID,
@@ -2695 +2696 @@
 
         unset( $postarr[ 'filter' ] );
 
-        $postarr = sanitize_post($postarr, 'db');
+        if ( ! $sanitize )
+                kses_remove_filters();
+        $postarr = sanitize_post( $postarr, 'db' );
+        if ( ! $sanitize )
+                kses_init();
 
         // export array as variables
         extract($postarr, EXTR_SKIP);
@@ -2753 +2758 @@
                 $post_author = $user_ID;
 
         // Don't allow contributors to set the post slug for pending review posts
-        if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )
+        if ( 'pending' == $post_status && $sanitize && !current_user_can( 'publish_posts' ) )
                 $post_name = '';
 
         // Create a valid post name. Drafts and pending posts are allowed to have an empty
@@ -2901 +2906 @@
                         $taxonomy_obj = get_taxonomy($taxonomy);
                         if ( is_array($tags) ) // array = hierarchical, string = non-hierarchical.
                                 $tags = array_filter($tags);
-                        if ( current_user_can($taxonomy_obj->cap->assign_terms) )
+                        if ( ! $sanitize || current_user_can( $taxonomy_obj->cap->assign_terms ) )
                                 wp_set_post_terms( $post_ID, $tags, $taxonomy );
                 }
         }