Make WordPress Core

Ticket #27355: nav-menu-item-kses-filter-fix.diff

File nav-menu-item-kses-filter-fix.diff, 1.4 KB (added by westonruter, 9 years ago)
  • src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

    diff --git src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
    index b89b56c..4f40b23 100644
    class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting { 
    639639                $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
    640640
    641641                // Apply the same filters as when calling wp_insert_post().
    642                 $menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] );
    643                 $menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] );
    644                 $menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] );
     642                if ( ! current_user_can( 'unfiltered_html' ) ) {
     643                        $menu_item_value['title'] = wp_kses( $menu_item_value['title'], 'title_save_pre' );
     644                        $menu_item_value['attr_title'] = balanceTags( wp_kses_post( convert_invalid_entities( $menu_item_value['attr_title'] ) ) );
     645                        $menu_item_value['description'] = balanceTags( wp_kses_post( convert_invalid_entities( $menu_item_value['description'] ) ) );
     646                }
    645647
    646648                $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
    647649                if ( 'publish' !== $menu_item_value['status'] ) {