WordPress.org

Make WordPress Core

Changeset 11344


Ignore:
Timestamp:
05/15/2009 09:27:39 PM (9 years ago)
Author:
ryan
Message:

Escape posts passed as objects. Props Denis-de-Bernardy. fixes #9727

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post.php

    r11323 r11344  
    16121612 * @since 1.0.0
    16131613 *
    1614  * @param array|object $postarr Post data.
     1614 * @param array|object $postarr Post data. Arrays are expected to be escaped, objects are not.
    16151615 * @return int 0 on failure, Post ID on success.
    16161616 */
    16171617function wp_update_post($postarr = array()) {
    1618     if ( is_object($postarr) )
     1618    if ( is_object($postarr) ) {
     1619        // non-escaped post was passed
    16191620        $postarr = get_object_vars($postarr);
     1621        $postarr = add_magic_quotes($postarr);
     1622    }
    16201623
    16211624    // First, get all of the original fields
Note: See TracChangeset for help on using the changeset viewer.