Make WordPress Core


Ignore:
Timestamp:
11/09/2015 12:47:55 AM (9 years ago)
Author:
westonruter
Message:

Customize: Improve alignment of WP_Customize_Nav_Menu_Item_Setting::sanitize() behavior with wp_update_nav_menu_item().

  • Apply title_save_pre, excerpt_save_pre, and content_save_pre filters on a nav menu item's title, attr_title, and description properties respectively. This ensures that arbitrary markup can be supplied if the user has unfiltered_html cap, and for these fields to have markup stripped if not.
  • Ensure a nav menu item's post_status is sanitized as publish or draft using the same conditions as wp_update_nav_menu_item().
  • Align WP_Customize_Nav_Menu_Item_Setting::sanitize() behavior for sanitizing position to be the same as wp_update_nav_menu_item().
  • Also apply nav_menu_attr_title and nav_menu_description filters in WP_Customize_Nav_Menu_Item_Setting::value_as_wp_post_nav_menu_item() to ensure that previewing markup entered into menu item description will preview the same way as when the nav menu item is saved.
  • Add unit tests.

Fixes #32812.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

    r35500 r35580  
    573573        }
    574574
     575        /** This filter is documented in wp-includes/nav-menu.php */
     576        $post->attr_title = apply_filters( 'nav_menu_attr_title', $post->attr_title );
     577
     578        /** This filter is documented in wp-includes/nav-menu.php */
     579        $post->description = apply_filters( 'nav_menu_description', wp_trim_words( $post->description, 200 ) );
     580
    575581        return $post;
    576582    }
     
    620626        $menu_item_value = array_merge( $default, $menu_item_value );
    621627        $menu_item_value = wp_array_slice_assoc( $menu_item_value, array_keys( $default ) );
    622         $menu_item_value['position'] = max( 0, intval( $menu_item_value['position'] ) );
     628        $menu_item_value['position'] = intval( $menu_item_value['position'] );
    623629
    624630        foreach ( array( 'object_id', 'menu_item_parent', 'nav_menu_term_id' ) as $key ) {
     
    639645        }
    640646
    641         foreach ( array( 'title', 'attr_title', 'description', 'original_title' ) as $key ) {
    642             // @todo Should esc_attr() the attr_title as well?
    643             $menu_item_value[ $key ] = sanitize_text_field( $menu_item_value[ $key ] );
    644         }
     647        $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
     648
     649        // Apply the same filters as when calling wp_insert_post().
     650        $menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] );
     651        $menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] );
     652        $menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] );
    645653
    646654        $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
    647         if ( ! get_post_status_object( $menu_item_value['status'] ) ) {
    648             $menu_item_value['status'] = 'publish';
     655        if ( 'publish' !== $menu_item_value['status'] ) {
     656            $menu_item_value['status'] = 'draft';
    649657        }
    650658
Note: See TracChangeset for help on using the changeset viewer.