Ticket #34893: 34893.1.diff
File 34893.1.diff, 5.0 KB (added by , 8 years ago) |
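--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -957,6 +957,33 @@ final class WP_Customize_Manager {
 wp_send_json_error( 'invalid_nonce' );
 }
 
+// Validate settings.
+$invalid_settings = array();
+foreach ( $this->unsanitized_post_values() as $setting_id => $unsanitized_value ) {
+$setting = $this->get_setting( $setting_id );
+if ( ! $setting ) {
+continue;
+}
+$valid = $setting->validate( $unsanitized_value );
+if ( false === $valid ) {
+$valid = new WP_Error( 'invalid_value', __( 'Invalid value.' ) );
+}
+if ( is_wp_error( $valid ) ) {
+$invalid_settings[ $setting_id ] = $valid;
+}
+}
+$invalid_count = count( $invalid_settings );
+if ( $invalid_count > 0 ) {
+$response = array(
+'invalid_settings' => $invalid_settings,
+'message' => sprintf( _n( 'There is %d invalid setting.', 'There are %d invalid settings.', $invalid_count ), $invalid_count ),
+);
+
+/** This filter is documented in wp-includes/class-wp-customize-manager.php */
+$response = apply_filters( 'customize_save_response', $response, $this );
+wp_send_json_error( $response );
+}
+
 // Do we have to switch themes?
 if ( ! $this->is_theme_active() ) {
 // Temporarily stop previewing the theme to allow switch_themes()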
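Review bot: `'invalid_settings' => $invalid_settings` hands raw `WP_Error` objects to `wp_send_json_error()`, so what the browser receives depends on how `WP_Error` happens to serialize and would presumably include any error data a validation callback attached. Build the response shape explicitly instead, e.g. `$invalid_settings[ $setting_id ] = array( 'code' => $valid->get_error_code(), 'message' => $valid->get_error_message() );`, so only the code and message leave the server. The loop also calls `validate()` for every posted setting ID with no per-setting capability check visible in this hunk; the enclosing method starts and continues outside it, so confirm that check is enforced before this point.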
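--- a/src/wp-includes/class-wp-customize-setting.php
+++ b/src/wp-includes/class-wp-customize-setting.php
@@ -59,6 +59,7 @@ class WP_Customize_Setting {
 *
 * @var callback
 */
+public $validate_callback = '';
 public $sanitize_callback = '';
 public $sanitize_js_callback = '';
 
@@ -142,8 +143,11 @@ class WP_Customize_Setting {
 $this->id .= '[' . implode( '][', $this->id_data['keys'] ) . ']';
 }
 
+if ( $this->validate_callback ) {
+add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 3 );
+}
 if ( $this->sanitize_callback ) {
-add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 2);
+add_filter( "customize_sanitize_{$this->id}", $this->sanitize_callback, 10, 3 );
 }
 if ( $this->sanitize_js_callback ) {
 add_filter( "customize_sanitize_js_{$this->id}", $this->sanitize_js_callback, 10, 2 );
@@ -491,22 +495,61 @@ class WP_Customize_Setting {
 * Sanitize an input.
 *
 * @since 3.4.0
+* @since 4.5.0 Added $strict parameter.
 *
-* @param string|array $value The value to sanitize.
-* @return string|array|null Null if an input isn't valid, otherwise the sanitized value.
+* @param string|array $value The value to sanitize.
+* @param bool $strict Whether validation is being performed.
+* @return string|array|null|WP_Error Null or WP_Error (when $strict) if an input isn't valid, otherwise the sanitized value.
 */
-public function sanitize( $value ) {
-$value = wp_unslash( $value );
+public function sanitize( $value, $strict = false ) {
+$value = wp_unslash( $value ); // @todo Remove this because it is erroneously stripping slashes. $_POST['customized'] is already unslashed when parsed as JSON. Try entering \o/ in the blogname for example.
 
 /**
 * Filter a Customize setting value in un-slashed form.
 *
 * @since 3.4.0
+* @since 4.5.0 Added $strict param which is true when validation is being done.
 *
 * @param mixed $value Value of the setting.
 * @param WP_Customize_Setting $this WP_Customize_Setting instance.
 */
-return apply_filters( "customize_sanitize_{$this->id}", $value, $this );
+return apply_filters( "customize_sanitize_{$this->id}", $value, $this, $strict );
+}
+
+/**
+* Validate an input.
+*
+* @since 4.5.0
+* @see WP_REST_Request::has_valid_params()
+*
+* @param string|array $unsanitized_value The value to validate.
+* @return bool|WP_Error Whether an input isn't valid, or an WP_Error explaining why it isn't valid.
+*/
+public function validate( $unsanitized_value ) {
+$valid = true;
+
+$strict = true;
+$sanitized_value = $this->sanitize( $unsanitized_value, $strict );
+if ( null === $sanitized_value ) {
+$valid = false;
+} else if ( is_wp_error( $sanitized_value ) ) {
+$valid = $sanitized_value;
+}
+
+/**
+* Filter the validation state of a Customize setting value.
+*
+* @since 4.5.0
+*
+* @param
+* @param bool|WP_Error $valid Validity of the value based on sanitization.
+* @param mixed $sanitized_value Sanitized value of the setting.
+* @param mixed $unsanitized_value Unsanitized value of the setting.
+* @param WP_Customize_Setting $this WP_Customize_Setting instance.
+*/
+$valid = apply_filters( "customize_validate_{$this->id}", $valid, $sanitized_value, $unsanitized_value, $this );
+
+return $valid;
 }
 
 /**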
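Review bot: The `customize_validate_{$this->id}` filter is applied with four arguments in `validate()` (`$valid, $sanitized_value, $unsanitized_value, $this`), but the constructor hunk registers `validate_callback` with an accepted-argument count of 3, so the callback never receives the setting instance; register it as `add_filter( "customize_validate_{$this->id}", $this->validate_callback, 10, 4 );`. `validate()` also returns the filter result unnormalised, and the caller shown in class-wp-customize-manager.php rejects only `false` or a `WP_Error`, so a callback that returns `null`, `0` or `''` is treated as valid. Documenting the allowed return values, or coercing anything other than `true` to a failure, would make the check fail closed. In the filter docblock the bare `* @param` line should be dropped, and the method's `@return` would read better as `Whether the input is valid, or a WP_Error explaining why it is not.`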