Make WordPress Core


Ignore:
Timestamp:
02/22/2016 12:13:53 AM (9 years ago)
Author:
westonruter
Message:

Customize: Fix previewing and updating of nav menu items containing slashed/slashable characters.

Prevents slashes from being added when a user without unfiltered_html previews a nav menu item containing an apostrophe or some other slashable character, and prevents the loss of an intentional slash (e.g. "\o/") when saving a nav menu item, regardless of capability.

Fixes #35869.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

    r36586 r36608  
    640640
    641641        // Apply the same filters as when calling wp_insert_post().
    642         $menu_item_value['title'] = apply_filters( 'title_save_pre', $menu_item_value['title'] );
    643         $menu_item_value['attr_title'] = apply_filters( 'excerpt_save_pre', $menu_item_value['attr_title'] );
    644         $menu_item_value['description'] = apply_filters( 'content_save_pre', $menu_item_value['description'] );
     642        $menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );
     643        $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );
     644        $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
    645645
    646646        $menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
     
    777777                $value['nav_menu_term_id'],
    778778                $is_placeholder ? 0 : $this->post_id,
    779                 $menu_item_data
     779                wp_slash( $menu_item_data )
    780780            );
    781781
Note: See TracChangeset for help on using the changeset viewer.