Changeset 39155 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

Timestamp:

11/08/2016 05:54:22 AM (7 years ago)

Author:

rmccue

Message:

REST API: Respect unfiltered_html for HTML post fields.

This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.

Props jnylen0.
Fixes #38609.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php (modified) (3 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

@@ -143 +143 @@
         }
 
-        $id = wp_insert_post( $attachment, true );
+        $id = wp_insert_post( wp_slash( (array) $attachment ), true );
 
         if ( is_wp_error( $id ) ) {
@@ -251 +251 @@
         if ( isset( $request['caption'] ) ) {
             if ( is_string( $request['caption'] ) ) {
-                $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption'] );
+                $prepared_attachment->post_excerpt = $request['caption'];
             } elseif ( isset( $request['caption']['raw'] ) ) {
-                $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption']['raw'] );
+                $prepared_attachment->post_excerpt = $request['caption']['raw'];
             }
         }
@@ -260 +260 @@
         if ( isset( $request['description'] ) ) {
             if ( is_string( $request['description'] ) ) {
-                $prepared_attachment->post_content = wp_filter_post_kses( $request['description'] );
+                $prepared_attachment->post_content = $request['description'];
             } elseif ( isset( $request['description']['raw'] ) ) {
-                $prepared_attachment->post_content = wp_filter_post_kses( $request['description']['raw'] );
+                $prepared_attachment->post_content = $request['description']['raw'];
             }
         }