Ticket #19373: wp-19373-20130728-refresh.diff
File wp-19373-20130728-refresh.diff, 3.0 KB (added by , 11 years ago) |
---|
-
wp-includes/post.php
2616 2616 * 2617 2617 * @param array $postarr Elements that make up post to insert. 2618 2618 * @param bool $wp_error Optional. Allow return of WP_Error on failure. 2619 * @param bool $sanitize Optional. Run "current user" sanitization routines on $postarr. 2619 2620 * @return int|WP_Error The value 0 or WP_Error on failure. The post ID on success. 2620 2621 */ 2621 function wp_insert_post($postarr, $wp_error = false ) {2622 function wp_insert_post($postarr, $wp_error = false, $sanitize = true) { 2622 2623 global $wpdb, $user_ID; 2623 2624 2624 2625 $defaults = array('post_status' => 'draft', 'post_type' => 'post', 'post_author' => $user_ID, … … 2627 2628 'guid' => '', 'post_content_filtered' => '', 'post_excerpt' => '', 'import_id' => 0, 2628 2629 'post_content' => '', 'post_title' => ''); 2629 2630 2630 $postarr = wp_parse_args( $postarr, $defaults);2631 $postarr = wp_parse_args( $postarr, $defaults ); 2631 2632 2632 2633 unset( $postarr[ 'filter' ] ); 2633 2634 2634 $postarr = sanitize_post($postarr, 'db'); 2635 if ( $sanitize ) { 2636 $postarr = sanitize_post( $postarr, 'db' ); 2637 } 2635 2638 2636 2639 // export array as variables 2637 2640 extract($postarr, EXTR_SKIP); … … 2685 2688 $post_category = array(); 2686 2689 } 2687 2690 2688 if ( empty($post_author) ) 2689 $post_author = $user_ID; 2691 // if no post author is set, try to use current logged in user or return error 2692 if ( empty( $post_author ) ) { 2693 if ( !empty( $user_ID ) ) { 2694 $post_author = $user_ID; 2695 } 2696 else { 2697 if ( $wp_error ) 2698 return new WP_Error( 'empty_author', __( 'Post author field was not set and there is no current user context to pull the user ID from.' ) ); 2699 else 2700 return 0; 2701 } 2702 } 2690 2703 2691 2704 // Don't allow contributors to set the post slug for pending review posts 2692 if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )2705 if ( 'pending' == $post_status && $sanitize && !current_user_can( 'publish_posts' ) ) 2693 2706 $post_name = ''; 2694 2707 2695 2708 // Create a valid post name. Drafts and pending posts are allowed to have an empty … … 2705 2718 if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $ID ) == $check_name ) 2706 2719 $post_name = $check_name; 2707 2720 else // new post, or slug has changed. 2708 $post_name = sanitize_title( $post_name);2721 $post_name = sanitize_title( $post_name ); 2709 2722 } 2710 2723 2711 2724 // If the post date is empty (due to having been new or a draft) and status is not 'draft' or 'pending', set date to now … … 2834 2847 // new-style support for all custom taxonomies 2835 2848 if ( !empty($tax_input) ) { 2836 2849 foreach ( $tax_input as $taxonomy => $tags ) { 2837 $taxonomy_obj = get_taxonomy( $taxonomy);2850 $taxonomy_obj = get_taxonomy( $taxonomy ); 2838 2851 if ( is_array($tags) ) // array = hierarchical, string = non-hierarchical. 2839 2852 $tags = array_filter($tags); 2840 if ( current_user_can($taxonomy_obj->cap->assign_terms) )2853 if ( !$sanitize || current_user_can($taxonomy_obj->cap->assign_terms) ) 2841 2854 wp_set_post_terms( $post_ID, $tags, $taxonomy ); 2842 2855 } 2843 2856 }