Make WordPress Core


Ignore:
Timestamp:
08/21/2015 06:12:56 PM (9 years ago)
Author:
wonderboymusic
Message:

In wp_ajax_add_meta(), do not juggle the value of $_POST and alter it directly. This was done so that edit_post() could pull $_POST out of the air by-reference and alter it (equally as bad). edit_post() accepts a $post_data array. Do that instead.

See #33491.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r33662 r33697  
    11951195        // If the post is an autodraft, save the post as a draft and then attempt to save the meta.
    11961196        if ( $post->post_status == 'auto-draft' ) {
    1197             $save_POST = $_POST; // Backup $_POST
    1198             $_POST = array(); // Make it empty for edit_post()
    1199             $_POST['action'] = 'draft'; // Warning fix
    1200             $_POST['post_ID'] = $pid;
    1201             $_POST['post_type'] = $post->post_type;
    1202             $_POST['post_status'] = 'draft';
     1197            $post_data = array();
     1198            $post_data['action'] = 'draft'; // Warning fix
     1199            $post_data['post_ID'] = $pid;
     1200            $post_data['post_type'] = $post->post_type;
     1201            $post_data['post_status'] = 'draft';
    12031202            $now = current_time('timestamp', 1);
    1204             $_POST['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );
    1205 
    1206             if ( $pid = edit_post() ) {
     1203            $post_data['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );
     1204
     1205            $pid = edit_post( $post_data );
     1206            if ( $pid ) {
    12071207                if ( is_wp_error( $pid ) ) {
    12081208                    $x = new WP_Ajax_Response( array(
     
    12121212                    $x->send();
    12131213                }
    1214                 $_POST = $save_POST; // Now we can restore original $_POST again
     1214
    12151215                if ( !$mid = add_meta( $pid ) )
    12161216                    wp_die( __( 'Please provide a custom field value.' ) );
Note: See TracChangeset for help on using the changeset viewer.