Changeset 36622
- Timestamp:
- 02/23/2016 01:01:43 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
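--- a/trunk/src/wp-includes/class-wp-customize-setting.php
+++ b/trunk/src/wp-includes/class-wp-customize-setting.php
@@ -497,5 +497,4 @@
 */
 public function sanitize( $value ) {
-$value = wp_unslash( $value );
 
 /**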
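Review bot: With `wp_unslash()` removed from the top of `sanitize()`, the method now assumes `$value` arrives already unslashed, but nothing in the visible lines states that. A caller that still passes raw request data would end up storing backslash-escaped quotes, and any sanitize callback applied further down the body (which continues outside this hunk) now receives backslashes that used to be stripped. I would add a sentence to the docblock in the same style this changeset uses elsewhere, `Note that $value is expected to be unslashed.`, and confirm that the place where posted values are decoded is the only one that unslashes.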
trunk/src/wp-includes/customize/class-wp-customize-nav-menu-setting.php
r35724 r36622 514 514 515 515 $menu_id = $is_placeholder ? 0 : $this->term_id; 516 $r = wp_update_nav_menu_object( $menu_id, $menu_data);516 $r = wp_update_nav_menu_object( $menu_id, wp_slash( $menu_data ) ); 517 517 $original_name = $menu_data['menu-name']; 518 518 $name_conflict_suffix = 1; … … 521 521 /* translators: 1: original menu name, 2: duplicate count */ 522 522 $menu_data['menu-name'] = sprintf( __( '%1$s (%2$d)' ), $original_name, $name_conflict_suffix ); 523 $r = wp_update_nav_menu_object( $menu_id, $menu_data);523 $r = wp_update_nav_menu_object( $menu_id, wp_slash( $menu_data ) ); 524 524 } 525 525 -
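Review bot: Both calls to `wp_update_nav_menu_object()` wrap `$menu_data` in `wp_slash()` at the call site, while `$original_name` and the `sprintf()` in the name-conflict loop keep working on the unslashed array. That is consistent, but a later call added without the wrapper would silently strip backslashes from menu names. A one-line comment above the first call would make the convention explicit: `// wp_update_nav_menu_object() expects slashed data; $menu_data itself stays unslashed.` The enclosing method and the loop header are outside the hunk.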
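--- a/trunk/src/wp-includes/nav-menu.php
+++ b/trunk/src/wp-includes/nav-menu.php
@@ -197,4 +197,6 @@
 * Creates a navigation menu.
 *
+* Note that <code>$menu_name</code> is expected to be pre-slashed.
+*
 * @since 3.0.0
 *
@@ -203,4 +205,5 @@
 */
 function wp_create_nav_menu( $menu_name ) {
+// expected_slashed ($menu_name)
 return wp_update_nav_menu_object( 0, array( 'menu-name' => $menu_name ) );
 }
@@ -253,4 +256,6 @@
 * Save the properties of a menu or create a new menu with those properties.
 *
+* Note that <code>$menu_data</code> is expected to be pre-slashed.
+*
 * @since 3.0.0
 *
@@ -260,4 +265,5 @@
 */
 function wp_update_nav_menu_object( $menu_id = 0, $menu_data = array() ) {
+// expected_slashed ($menu_data)
 $menu_id = (int) $menu_id;
 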
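Review bot: The new "expected to be pre-slashed" requirement is stated in the description of both docblocks but not on the parameters themselves, and the inline `// expected_slashed (...)` marker is not explained anywhere in the visible lines. The `@param` entries fall in the elided part between the hunks, so this is inferred, but that is where callers usually look; a wording such as `Menu name, expected to be slashed (see wp_slash()).` on the `$menu_name` entry, and the equivalent for `$menu_data`, would carry the contract with the parameter. It would also help to say what happens otherwise: an unslashed argument does not fail, it presumably just loses its backslashes.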
trunk/src/wp-includes/widgets/class-wp-nav-menu-widget.php
r34662 r36622 93 93 $instance = array(); 94 94 if ( ! empty( $new_instance['title'] ) ) { 95 $instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ));95 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 96 96 } 97 97 if ( ! empty( $new_instance['nav_menu'] ) ) { -
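Review bot: Dropping `stripslashes()` from `sanitize_text_field( $new_instance['title'] )` changes what `update()` assumes about its input: `$new_instance` must now arrive unslashed, and the hunk does not document that. The tag cloud and text widget sections make the same change; in the text widget, `wp_kses_post()` would filter backslash-escaped markup if any caller still passes slashed data. A docblock sentence on each `update()` such as `Note that $new_instance is expected to be unslashed.` would record the contract. No widget test is part of this changeset, so it is worth confirming that every path into `update()` unslashes first. The method signature is outside this hunk.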
trunk/src/wp-includes/widgets/class-wp-widget-tag-cloud.php
r35576 r36622 99 99 public function update( $new_instance, $old_instance ) { 100 100 $instance = array(); 101 $instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ));101 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 102 102 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 103 103 return $instance; -
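Review bot: Line 102 still calls `stripslashes($new_instance['taxonomy'])` while the title on the line above no longer does, so two fields of the same `$new_instance` are handled under different slashing assumptions. If the input is already unslashed, the remaining call should go as well: `$instance['taxonomy'] = $new_instance['taxonomy'];`. The value is also stored with no check visible here that it names a registered taxonomy; if that is not validated where the widget is rendered, a `taxonomy_exists()` guard in `update()` would be the simplest place for it.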
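--- a/trunk/src/wp-includes/widgets/class-wp-widget-text.php
+++ b/trunk/src/wp-includes/widgets/class-wp-widget-text.php
@@ -81,8 +81,9 @@
 $instance = $old_instance;
 $instance['title'] = sanitize_text_field( $new_instance['title'] );
-if ( current_user_can('unfiltered_html') )
-$instance['text'] = $new_instance['text'];
-else
-$instance['text'] = wp_kses_post( stripslashes( $new_instance['text'] ) );
+if ( current_user_can( 'unfiltered_html' ) ) {
+$instance['text'] = $new_instance['text'];
+} else {
+$instance['text'] = wp_kses_post( $new_instance['text'] );
+}
 $instance['filter'] = ! empty( $new_instance['filter'] );
 return $instance;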
trunk/tests/phpunit/tests/customize/nav-menu-setting.php
r35242 r36622 115 115 do_action( 'customize_register', $this->wp_customize ); 116 116 $default = array( 117 'name' => 'Lorem ',118 'description' => 'ipsum ',117 'name' => 'Lorem \\o/', 118 'description' => 'ipsum \\o/', 119 119 'parent' => 123, 120 120 ); … … 132 132 do_action( 'customize_register', $this->wp_customize ); 133 133 134 $menu_name = 'Test 123 ';135 $parent_menu_id = wp_create_nav_menu( "Parent $menu_name");136 $description = 'Hello my world .';137 $menu_id = wp_update_nav_menu_object( 0, array(134 $menu_name = 'Test 123 \\o/'; 135 $parent_menu_id = wp_create_nav_menu( wp_slash( "Parent $menu_name" ) ); 136 $description = 'Hello my world \\o/.'; 137 $menu_id = wp_update_nav_menu_object( 0, wp_slash( array( 138 138 'menu-name' => $menu_name, 139 139 'parent' => $parent_menu_id, 140 140 'description' => $description, 141 ) ) ;141 ) ) ); 142 142 143 143 $setting_id = "nav_menu[$menu_id]"; … … 154 154 155 155 $new_menu_name = 'Foo'; 156 wp_update_nav_menu_object( $menu_id, array( 'menu-name' => $new_menu_name) );156 wp_update_nav_menu_object( $menu_id, wp_slash( array( 'menu-name' => $new_menu_name ) ) ); 157 157 $updated_value = $setting->value(); 158 158 $this->assertEquals( $new_menu_name, $updated_value['name'] ); … … 167 167 do_action( 'customize_register', $this->wp_customize ); 168 168 169 $menu_id = wp_update_nav_menu_object( 0, array(170 'menu-name' => 'Name 1 ',171 'description' => 'Description 1 ',169 $menu_id = wp_update_nav_menu_object( 0, wp_slash( array( 170 'menu-name' => 'Name 1 \\o/', 171 'description' => 'Description 1 \\o/', 172 172 'parent' => 0, 173 ) ) ;173 ) ) ); 174 174 $setting_id = "nav_menu[$menu_id]"; 175 175 $setting = new WP_Customize_Nav_Menu_Setting( $this->wp_customize, $setting_id ); … … 179 179 180 180 $post_value = array( 181 'name' => 'Name 2 ',182 'description' => 'Description 2 ',181 'name' => 'Name 2 \\o/', 182 'description' => 'Description 2 \\o/', 183 183 'parent' => 1, 184 184 'auto_add' => true, … … 187 187 188 
188 $value = $setting->value(); 189 $this->assertEquals( 'Name 1 ', $value['name'] );190 $this->assertEquals( 'Description 1 ', $value['description'] );189 $this->assertEquals( 'Name 1 \\o/', $value['name'] ); 190 $this->assertEquals( 'Description 1 \\o/', $value['description'] ); 191 191 $this->assertEquals( 0, $value['parent'] ); 192 192 … … 200 200 $setting->preview(); 201 201 $value = $setting->value(); 202 $this->assertEquals( 'Name 2 ', $value['name'] );203 $this->assertEquals( 'Description 2 ', $value['description'] );202 $this->assertEquals( 'Name 2 \\o/', $value['name'] ); 203 $this->assertEquals( 'Description 2 \\o/', $value['description'] ); 204 204 $this->assertEquals( 1, $value['parent'] ); 205 205 $term = (array) wp_get_nav_menu_object( $menu_id ); … … 218 218 $this->assertInternalType( 'int', $i, 'Update-previewed menu does not appear in wp_get_nav_menus()' ); 219 219 $filtered_menu = $menus[ $i ]; 220 $this->assertEquals( 'Name 2 ', $filtered_menu->name );220 $this->assertEquals( 'Name 2 \\o/', $filtered_menu->name ); 221 221 } 222 222 … … 231 231 $menu_id = -123; 232 232 $post_value = array( 233 'name' => 'New Menu Name 1 ',234 'description' => 'New Menu Description 1 ',233 'name' => 'New Menu Name 1 \\o/', 234 'description' => 'New Menu Description 1 \\o/', 235 235 'parent' => 0, 236 236 'auto_add' => false, … … 263 263 $this->assertInternalType( 'int', $i, 'Insert-previewed menu was not injected into wp_get_nav_menus()' ); 264 264 $filtered_menu = $menus[ $i ]; 265 $this->assertEquals( 'New Menu Name 1 ', $filtered_menu->name );265 $this->assertEquals( 'New Menu Name 1 \\o/', $filtered_menu->name ); 266 266 } 267 267 … … 274 274 do_action( 'customize_register', $this->wp_customize ); 275 275 276 $menu_id = wp_update_nav_menu_object( 0, array(277 'menu-name' => 'Name 1 ',278 'description' => 'Description 1 ',276 $menu_id = wp_update_nav_menu_object( 0, wp_slash( array( 277 'menu-name' => 'Name 1 \\o/', 278 'description' => 'Description 1 \\o/', 
279 279 'parent' => 0, 280 ) ) ;280 ) ) ); 281 281 $setting_id = "nav_menu[$menu_id]"; 282 282 $setting = new WP_Customize_Nav_Menu_Setting( $this->wp_customize, $setting_id ); … … 313 313 314 314 $value = array( 315 'name' => ' Hello <b>world</b> ',316 'description' => "New\nline ",315 'name' => ' Hello \\o/ <b>world</b> ', 316 'description' => "New\nline \\o/", 317 317 'parent' => -12, 318 318 'auto_add' => true, … … 320 320 ); 321 321 $sanitized = $setting->sanitize( $value ); 322 $this->assertEquals( 'Hello <b>world</b>', $sanitized['name'] );323 $this->assertEquals( 'New line ', $sanitized['description'] );322 $this->assertEquals( 'Hello \\o/ <b>world</b>', $sanitized['name'] ); 323 $this->assertEquals( 'New line \\o/', $sanitized['description'] ); 324 324 $this->assertEquals( 0, $sanitized['parent'] ); 325 325 $this->assertEquals( true, $sanitized['auto_add'] ); … … 339 339 do_action( 'customize_register', $this->wp_customize ); 340 340 341 $menu_id = wp_update_nav_menu_object( 0, array(342 'menu-name' => 'Name 1 ',343 'description' => 'Description 1 ',341 $menu_id = wp_update_nav_menu_object( 0, wp_slash( array( 342 'menu-name' => 'Name 1 \\o/', 343 'description' => 'Description 1 \\o/', 344 344 'parent' => 0, 345 ) ) ;345 ) ) ); 346 346 $nav_menu_options = $this->get_nav_menu_items_option(); 347 347 $nav_menu_options['auto_add'][] = $menu_id; … … 353 353 $auto_add = false; 354 354 $new_value = array( 355 'name' => 'Name 2 ',356 'description' => 'Description 2 ',355 'name' => 'Name 2 \\o/', 356 'description' => 'Description 2 \\o/', 357 357 'parent' => 1, 358 358 'auto_add' => $auto_add, … … 401 401 $menu_id = -123; 402 402 $post_value = array( 403 'name' => 'New Menu Name 1 ',404 'description' => 'New Menu Description 1 ',403 'name' => 'New Menu Name 1 \\o/', 404 'description' => 'New Menu Description 1 \\o/', 405 405 'parent' => 0, 406 406 'auto_add' => true, … … 449 449 450 450 $menu_name = 'Foo'; 451 wp_update_nav_menu_object( 0, array( 'menu-name' => 
$menu_name) );451 wp_update_nav_menu_object( 0, wp_slash( array( 'menu-name' => $menu_name ) ) ); 452 452 453 453 $menu_id = -123; … … 473 473 do_action( 'customize_register', $this->wp_customize ); 474 474 475 $menu_name = 'Lorem Ipsum ';476 $menu_id = wp_create_nav_menu( $menu_name);475 $menu_name = 'Lorem Ipsum \\o/'; 476 $menu_id = wp_create_nav_menu( wp_slash( $menu_name ) ); 477 477 $setting_id = "nav_menu[$menu_id]"; 478 478 $setting = new WP_Customize_Nav_Menu_Setting( $this->wp_customize, $setting_id ); … … 507 507 $this->assertNotContains( $menu_id, $nav_menu_options['auto_add'] ); 508 508 } 509 510 509 } -
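Review bot: Every fixture added in this file appends only a backslash (`\\o/`), so the slash/unslash round trip is never exercised with the other characters that slashing escapes, namely single and double quotes. Adding one fixture that contains them, for example `'menu-name' => 'Name 1 \\o/ "quoted" it\'s',` with a matching assertion on the stored name, would catch a double-slash or missing-unslash regression that a lone backslash can miss; the expected string may need adjusting if the term sanitizers encode any of these characters. The same applies to the fixtures changed in tests/customize/setting.php.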
trunk/tests/phpunit/tests/customize/setting.php
r35724 r36622 68 68 69 69 public $post_data_overrides = array( 70 'unset_option_overridden' => 'unset_option_post_override_value ',71 'unset_theme_mod_overridden' => 'unset_theme_mod_post_override_value ',72 'set_option_overridden' => 'set_option_post_override_value ',73 'set_theme_mod_overridden' => 'set_theme_mod_post_override_value ',74 'unset_option_multi_overridden[foo]' => 'unset_option_multi_overridden[foo]_post_override_value ',75 'unset_theme_mod_multi_overridden[foo]' => 'unset_theme_mod_multi_overridden[foo]_post_override_value ',76 'set_option_multi_overridden[foo]' => 'set_option_multi_overridden[foo]_post_override_value ',77 'set_theme_mod_multi_overridden[foo]' => 'set_theme_mod_multi_overridden[foo]_post_override_value ',70 'unset_option_overridden' => 'unset_option_post_override_value\\o/', 71 'unset_theme_mod_overridden' => 'unset_theme_mod_post_override_value\\o/', 72 'set_option_overridden' => 'set_option_post_override_value\\o/', 73 'set_theme_mod_overridden' => 'set_theme_mod_post_override_value\\o/', 74 'unset_option_multi_overridden[foo]' => 'unset_option_multi_overridden[foo]_post_override_value\\o/', 75 'unset_theme_mod_multi_overridden[foo]' => 'unset_theme_mod_multi_overridden[foo]_post_override_value\\o/', 76 'set_option_multi_overridden[foo]' => 'set_option_multi_overridden[foo]_post_override_value\\o/', 77 'set_theme_mod_multi_overridden[foo]' => 'set_theme_mod_multi_overridden[foo]_post_override_value\\o/', 78 78 ); 79 79 … … 300 300 $type = 'custom_type'; 301 301 $post_data_overrides = array( 302 "unset_{$type}_with_post_value" => "unset_{$type}_without_post_value ",303 "set_{$type}_with_post_value" => "set_{$type}_without_post_value ",302 "unset_{$type}_with_post_value" => "unset_{$type}_without_post_value\\o/", 303 "set_{$type}_with_post_value" => "set_{$type}_without_post_value\\o/", 304 304 ); 305 305 $_POST['customized'] = wp_slash( wp_json_encode( $post_data_overrides ) ); … … 418 418 419 419 // Try setting post value without 
user as admin. 420 $this->manager->set_post_value( $setting->id, 'hello world ' );420 $this->manager->set_post_value( $setting->id, 'hello world \\o/' ); 421 421 $this->assertFalse( $setting->save() ); 422 422 $this->assertTrue( 0 === did_action( 'customize_update_custom' ) ); … … 438 438 */ 439 439 function handle_customize_update_custom_foo_action( $value, $setting = null ) { 440 $this->assertEquals( 'hello world ', $value );440 $this->assertEquals( 'hello world \\o/', $value ); 441 441 $this->assertInstanceOf( 'WP_Customize_Setting', $setting ); 442 442 }