Changeset 18346 for trunk/wp-admin/includes/post.php

Timestamp:

06/27/2011 03:56:42 PM (14 years ago)

Author:

ryan

Message:

Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.

File:

• trunk/wp-admin/includes/post.php (modified) (2 diffs)

trunk/wp-admin/includes/post.php

@@ -142 +142 @@
     if ( empty($post_data) )
         $post_data = &$_POST;
+
+    // Clear out any data in internal vars.
+    if ( isset( $post_data['filter'] ) )
+        unset( $post_data['filter'] );
 
     $post_ID = (int) $post_data['post_ID'];
@@ -559 +563 @@
             return edit_post();
         }
+    }
+
+    // Edit don't write if we have a post id.
+    if ( isset( $_POST['ID'] ) ) {
+        $_POST['post_ID'] = $_POST['ID'];
+        unset ( $_POST['ID'] );
+    }
+    if ( isset( $_POST['post_ID'] ) ) {
+        return edit_post();
     }