Ticket #22936: 22936.1.diff

src/wp-includes/class-wp-xmlrpc-server.php

@@ -3243 +3243 @@
                         if ( $this->blog_options[$o_name]['readonly'] == true )
                                 continue;
 
-                        update_option( $this->blog_options[$o_name]['option'], $o_value );
+                        update_option( $this->blog_options[$o_name]['option'], stripslashes( $o_value ) );
                 }
 
                 //Now return the updated values

tests/phpunit/tests/xmlrpc/wp/setOptions.php

@@ +1 @@
+<?php
+
+/**
+ * @group xmlrpc
+ */
+class Tests_XMLRPC_wp_setOptions extends WP_XMLRPC_UnitTestCase {
+
+        /**
+         * @ticket 22936
+         */
+        function test_set_option_no_escape_strings() {
+
+                $this->make_user_by_role( 'administrator' );
+                $string_with_quote = "Mary's Lamb Shop";
+
+                $result = $this->myxmlrpcserver->wp_setOptions( array( 1, 'administrator', 'administrator', array( "blog_title" => $string_with_quote ) ) );
+
+                $this->assertInternalType( 'array', $result );
+                $this->assertEquals( $string_with_quote, $result['blog_title']['value'] );
+
+        }
+
+}