Changeset 27576

Timestamp:

03/18/2014 12:14:48 AM (11 years ago)

Author:

nacin

Message:

Heartbeat: Hooks should always receive unslashed data.

This affects the privileged hooks; the unprivileged hooks already received unslashed data.

props johnbillion, TobiasBg.
fixes #27260.

Location:

trunk/src/wp-admin/includes

Files:

• ajax-actions.php (modified) (1 diff)
• post.php (modified) (1 diff)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -2120 +2120 @@
 
     if ( ! empty($_POST['data']) ) {
-        $data = (array) $_POST['data'];
+        $data = wp_unslash( (array) $_POST['data'] );
 
         /**

trunk/src/wp-admin/includes/post.php

@@ -1451 +1451 @@
     if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
         // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
-        return edit_post( $post_data );
+        return edit_post( wp_slash( $post_data ) );
     } else {
         // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
-        return wp_create_post_autosave( $post_data );
-    }
-}
+        return wp_create_post_autosave( wp_slash( $post_data ) );
+    }
+}