Ticket #24248: 24248.2.diff
File 24248.2.diff, 3.1 KB (added by , 9 years ago) |
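--- a/src/wp-includes/post.php
+++ b/src/wp-includes/post.php
@@ -2916,8 +2916,12 @@
 'context' => '',
 );
 
-$postarr = wp_parse_args($postarr, $defaults);
+if ( ! empty( $postarr['guid'] ) ) {
+$guid = esc_url_raw( $postarr['guid'] );
+}
 
+$postarr = wp_parse_args( $postarr, $defaults );
+
 unset( $postarr[ 'filter' ] );
 
 $postarr = sanitize_post($postarr, 'db');
@@ -2925,7 +2929,6 @@
 // Are we updating or creating?
 $post_ID = 0;
 $update = false;
-$guid = $postarr['guid'];
 
 if ( ! empty( $postarr['ID'] ) ) {
 $update = true;
@@ -2940,8 +2943,8 @@
 return 0;
 }
 
-$guid = get_post_field( 'guid', $post_ID );
-$previous_status = get_post_field( 'post_status', $post_ID);
+$guid = get_post_field( 'guid', $post_ID, 'raw' );
+$previous_status = get_post_field( 'post_status', $post_ID, 'raw' );
 } else {
 $previous_status = 'new';
 }
@@ -3023,10 +3026,10 @@
 } else {
 // On updates, we need to check to see if it's using the old, fixed sanitization context.
 $check_name = sanitize_title( $post_name, '', 'old-save' );
-if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {
+if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) {
 $post_name = $check_name;
 } else { // new post, or slug has changed.
-$post_name = sanitize_title( $post_name);
+$post_name = sanitize_title( $post_name );
 }
 }
 
@@ -3262,7 +3265,7 @@
 }
 }
 
-$current_guid = get_post_field( 'guid', $post_ID );
+$current_guid = get_post_field( 'guid', $post_ID, 'raw' );
 
 // Set GUID.
 if ( ! $update && '' == $current_guid ) {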
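Review bot: On the insert path with no 'guid' supplied, `$guid` is no longer assigned in any visible hunk: the unconditional `$guid = $postarr['guid'];` is removed, the new assignment sits inside `if ( ! empty( $postarr['guid'] ) )`, and the only other assignment is in the update branch. The function body continues outside these hunks, so if later code reads `$guid` it will hit an undefined variable; initialise it unconditionally, e.g. `$guid = empty( $postarr['guid'] ) ? '' : esc_url_raw( $postarr['guid'] );`. The guard also indexes `$postarr` before `wp_parse_args()` has normalised it, which presumably assumes every caller passes an array; confirm that or move the block below the parse. A short comment that `esc_url_raw()` returns an empty string for a URL it rejects would tell the next reader why a supplied guid can end up blank.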
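--- a/tests/phpunit/tests/post.php
+++ b/tests/phpunit/tests/post.php
@@ -1229,4 +1229,38 @@
 $this->assertEquals(get_date_from_gmt($post['post_date_gmt']), $out->post_date);
 $this->assertEquals($post['post_date_gmt'], $out->post_date_gmt);
 }
+
+
+/**
+* Tests 'guid' not properly escaped
+* @ticket 24248
+*/
+function test_wp_guid_escaped_properly() {
+
+$guid = 'http://example.org/?p=77&test=blah';
+
+//Insert new post with guid
+$id = wp_insert_post( array(
+'post_author' => $this->author_id,
+'post_status' => 'new',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+'guid' => $guid,
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+
+//Update post
+$id = wp_update_post( array(
+'ID' => $id,
+'post_status' => 'publish',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+}
+
 }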
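Review bot: `test_wp_guid_escaped_properly()` only proves that an `&` in the query string survives insert and update; it exercises neither the sanitising side of `esc_url_raw()` nor an insert without a 'guid'. Add a case that calls `wp_insert_post()` with no 'guid' key and asserts the post still ends up with one (the `// Set GUID.` block in post.php suggests a default is generated). Add another that passes a value `esc_url_raw()` should reject, for instance a scheme outside the allowed protocols, and asserts the stored guid is not that raw value. The docblock summary describes the bug rather than the expectation; `Tests that 'guid' is stored unescaped on insert and preserved on update` would read better, and the method could declare `public`.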