Ticket #35869: 35869.0.diff

src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

@@ -639 +639 @@
                 $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
 
                 // Apply the same filters as when calling wp_insert_post().
-                $menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] );
-                $menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] );
-                $menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] );
+                $menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );
+                $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );
+                $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
 
                 $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
                 if ( 'publish' !== $menu_item_value['status'] ) {
@@ -776 +776 @@
                         $r = wp_update_nav_menu_item(
                                 $value['nav_menu_term_id'],
                                 $is_placeholder ? 0 : $this->post_id,
-                                $menu_item_data
+                                wp_slash( $menu_item_data )
                         );
 
                         if ( is_wp_error( $r ) ) {

src/wp-includes/nav-menu.php

@@ -344 +344 @@
 /**
  * Save the properties of a menu item or create a new one.
  *
+ * The menu-item-title, menu-item-description, and menu-item-attr-title are expected
+ * to be pre-slashed since they are passed directly into <code>wp_insert_post()</code>.
+ *
  * @since 3.0.0
  *
  * @param int   $menu_id         The ID of the menu. Required. If "0", makes the menu item a draft orphan.