Changeset 18356 for branches/3.1/wp-admin/includes/post.php

Timestamp:

06/27/2011 09:36:48 PM (14 years ago)

Author:

ryan

Message:

Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi. For 3.1.

Location:

branches/3.1

Files:

• . (modified) (1 prop)
• wp-admin/includes/post.php (modified) (2 diffs)

branches/3.1/wp-admin/includes/post.php

@@ -135 +135 @@
     if ( empty($post_data) )
         $post_data = &$_POST;
+
+    // Clear out any data in internal vars.
+    if ( isset( $post_data['filter'] ) )
+        unset( $post_data['filter'] );
 
     $post_ID = (int) $post_data['post_ID'];
@@ -552 +556 @@
             return edit_post();
         }
+    }
+
+    // Edit don't write if we have a post id.
+    if ( isset( $_POST['ID'] ) ) {
+        $_POST['post_ID'] = $_POST['ID'];
+        unset ( $_POST['ID'] );
+    }
+    if ( isset( $_POST['post_ID'] ) ) {
+        return edit_post();
     }