Ticket #24248: 24248.3.diff
File 24248.3.diff, 2.8 KB (added by , 8 years ago) |
src/wp-includes/post.php
3039 3039 'context' => '', 3040 3040 ); 3041 3041 3042 $postarr = wp_parse_args($postarr, $defaults); 3042 if ( ! empty( $postarr['guid'] ) ) { 3043 $guid = esc_url_raw( $postarr['guid'] ); 3044 } 3043 3045 3046 $postarr = wp_parse_args( $postarr, $defaults ); 3047 3044 3048 unset( $postarr[ 'filter' ] ); 3045 3049 3046 3050 $postarr = sanitize_post($postarr, 'db'); … … 3048 3052 // Are we updating or creating? 3049 3053 $post_ID = 0; 3050 3054 $update = false; 3051 $guid = $postarr['guid'];3052 3055 3053 3056 if ( ! empty( $postarr['ID'] ) ) { 3054 3057 $update = true; … … 3063 3066 return 0; 3064 3067 } 3065 3068 3066 $guid = get_post_field( 'guid', $post_ID );3067 $previous_status = get_post_field( 'post_status', $post_ID);3069 $guid = get_post_field( 'guid', $post_ID, 'raw' ); 3070 $previous_status = get_post_field( 'post_status', $post_ID, 'raw' ); 3068 3071 } else { 3069 3072 $previous_status = 'new'; 3070 3073 } … … 3149 3152 } else { 3150 3153 // On updates, we need to check to see if it's using the old, fixed sanitization context. 3151 3154 $check_name = sanitize_title( $post_name, '', 'old-save' ); 3152 if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {3155 if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) { 3153 3156 $post_name = $check_name; 3154 3157 } else { // new post, or slug has changed. 3155 $post_name = sanitize_title( $post_name);3158 $post_name = sanitize_title( $post_name ); 3156 3159 } 3157 3160 } 3158 3161 … … 3410 3413 } 3411 3414 } 3412 3415 3413 $current_guid = get_post_field( 'guid', $post_ID );3416 $current_guid = get_post_field( 'guid', $post_ID, 'raw' ); 3414 3417 3415 3418 // Set GUID. 3416 3419 if ( ! $update && '' == $current_guid ) { -
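Review bot: `$guid` is now assigned only inside the new `if ( ! empty( $postarr['guid'] ) )` block and in the update branch, so on an insert without a guid it is never defined, whereas the removed `$guid = $postarr['guid'];` always set it. If the rest of wp_insert_post() (outside these hunks) reads `$guid` on that path, it sees an undefined variable; initialise it unconditionally, e.g. `$guid = empty( $postarr['guid'] ) ? '' : esc_url_raw( $postarr['guid'] );`. esc_url_raw() returns an empty string for a URL whose scheme it does not allow, so a caller-supplied guid can be dropped silently here; a comment such as `// A guid with a disallowed scheme is discarded and regenerated below.` would make that intentional. The function body starts and ends outside the visible hunks.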
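--- a/tests/phpunit/tests/post.php
+++ b/tests/phpunit/tests/post.php
@@ -1258,4 +1258,33 @@
 $this->assertEquals( 0, get_post( $page_id )->post_parent );
 }
 
+/**
+* Tests 'guid' not properly escaped
+* @ticket 24248
+*/
+function test_wp_guid_escaped_properly() {
+$guid = 'http://example.org/?p=77&test=blah';
+//Insert new post with guid
+$id = wp_insert_post( array(
+'post_author' => $this->author_id,
+'post_status' => 'new',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+'guid' => $guid,
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+
+//Update post
+$id = wp_update_post( array(
+'ID' => $id,
+'post_status' => 'publish',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+}
 }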
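Review bot: Both assertions in test_wp_guid_escaped_properly() round-trip one well-formed http URL, so they pin that `&` is not re-encoded on insert and update but would, as far as the visible lines show, still pass if the new `esc_url_raw()` call were removed. A second case that supplies a guid with a scheme esc_url_raw() does not allow, and asserts that the stored guid does not contain the supplied value, would cover the sanitising side of the change. The docblock describes the bug rather than the expectation; something like `* A guid passed to wp_insert_post() is stored unchanged and survives wp_update_post().` reads better.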