Ticket #24248: 24248.diff
File 24248.diff, 3.1 KB (added by , 9 years ago) |
---|
-
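--- a/src/wp-includes/post-functions.php
+++ b/src/wp-includes/post-functions.php
@@ -2894,8 +2894,12 @@
 'context' => '',
 );
 
-$postarr = wp_parse_args($postarr, $defaults);
+if ( ! empty( $postarr['guid'] ) ) {
+$guid = esc_url_raw( $postarr['guid'] );
+}
 
+$postarr = wp_parse_args( $postarr, $defaults );
+
 unset( $postarr[ 'filter' ] );
 
 $postarr = sanitize_post($postarr, 'db');
@@ -2903,7 +2907,6 @@
 // Are we updating or creating?
 $post_ID = 0;
 $update = false;
-$guid = $postarr['guid'];
 
 if ( ! empty( $postarr['ID'] ) ) {
 $update = true;
@@ -2918,8 +2921,8 @@
 return 0;
 }
 
-$guid = get_post_field( 'guid', $post_ID );
-$previous_status = get_post_field( 'post_status', $post_ID);
+$guid = get_post_field( 'guid', $post_ID, 'raw' );
+$previous_status = get_post_field( 'post_status', $post_ID, 'raw' );
 } else {
 $previous_status = 'new';
 }
@@ -3001,10 +3004,10 @@
 } else {
 // On updates, we need to check to see if it's using the old, fixed sanitization context.
 $check_name = sanitize_title( $post_name, '', 'old-save' );
-if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {
+if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) {
 $post_name = $check_name;
 } else { // new post, or slug has changed.
-$post_name = sanitize_title( $post_name);
+$post_name = sanitize_title( $post_name );
 }
 }
 
@@ -3239,7 +3242,7 @@
 }
 }
 
-$current_guid = get_post_field( 'guid', $post_ID );
+$current_guid = get_post_field( 'guid', $post_ID, 'raw' );
 
 // Set GUID.
 if ( ! $update && '' == $current_guid ) {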
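Review bot: `$guid` is now assigned only inside `if ( ! empty( $postarr['guid'] ) )` at new line 2897, while the unconditional `$guid = $postarr['guid'];` is removed in the second hunk, so a new post inserted without a guid leaves `$guid` undefined on the create path. Assigning it in one step, `$guid = empty( $postarr['guid'] ) ? '' : esc_url_raw( $postarr['guid'] );`, keeps the variable defined in every case. Because the value is captured before `sanitize_post( $postarr, 'db' )` runs, the stored guid appears to depend on `esc_url_raw()` alone; a short comment such as `// Taken before sanitize_post() so the guid is not entity-encoded; esc_url_raw() is its only sanitization.` would record that this is deliberate. The function body starts and ends outside the visible hunks, so where `$guid` is read later cannot be confirmed from this page.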
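--- a/tests/phpunit/tests/post.php
+++ b/tests/phpunit/tests/post.php
@@ -1234,4 +1234,38 @@
 $this->assertEquals(get_date_from_gmt($post['post_date_gmt']), $out->post_date);
 $this->assertEquals($post['post_date_gmt'], $out->post_date_gmt);
 }
+
+
+/**
+* Tests 'guid' not properly escaped
+* @ticket 24248
+*/
+function test_wp_guid_escaped_properly() {
+
+$guid = 'http://example.org/?p=77&test=blah';
+
+//Insert new post with guid
+$id = wp_insert_post( array(
+'post_author' => $this->author_id,
+'post_status' => 'new',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+'guid' => $guid,
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+
+//Update post
+$id = wp_update_post( array(
+'ID' => $id,
+'post_status' => 'publish',
+'post_content' => rand_str(),
+'post_title' => rand_str(),
+) );
+$post = get_post( $id );
+
+$this->assertEquals( $guid, $post->guid );
+}
+
 }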
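Review bot: The new test covers only a caller-supplied guid containing `&`; the create path where no `guid` key is passed, which the source change also alters by removing `$guid = $postarr['guid'];`, is not exercised. A second case that calls `wp_insert_post()` without `guid` and asserts on the stored `$post->guid` would cover it. A case whose guid uses a scheme that `esc_url_raw()` does not allow, asserting what ends up stored, would pin the sanitization behaviour instead of assuming it. The method could also declare its visibility, `public function test_wp_guid_escaped_properly() {`.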