Changeset 39155 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

Timestamp:

11/08/2016 05:54:22 AM (9 years ago)

Author:

rmccue

Message:

REST API: Respect unfiltered_html for HTML post fields.

This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.

Props jnylen0.
Fixes #38609.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (5 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -489 +489 @@
 
         $post->post_type = $this->post_type;
-        $post_id         = wp_insert_post( $post, true );
+        $post_id         = wp_insert_post( wp_slash( (array) $post ), true );
 
         if ( is_wp_error( $post_id ) ) {
@@ -629 +629 @@
 
         // convert the post object to an array, otherwise wp_update_post will expect non-escaped input.
-        $post_id = wp_update_post( (array) $post, true );
+        $post_id = wp_update_post( wp_slash( (array) $post ), true );
 
         if ( is_wp_error( $post_id ) ) {
@@ -970 +970 @@
         if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) {
             if ( is_string( $request['title'] ) ) {
-                $prepared_post->post_title = wp_filter_post_kses( $request['title'] );
+                $prepared_post->post_title = $request['title'];
             } elseif ( ! empty( $request['title']['raw'] ) ) {
-                $prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );
+                $prepared_post->post_title = $request['title']['raw'];
             }
         }
@@ -979 +979 @@
         if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) {
             if ( is_string( $request['content'] ) ) {
-                $prepared_post->post_content = wp_filter_post_kses( $request['content'] );
+                $prepared_post->post_content = $request['content'];
             } elseif ( isset( $request['content']['raw'] ) ) {
-                $prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );
+                $prepared_post->post_content = $request['content']['raw'];
             }
         }
@@ -988 +988 @@
         if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) {
             if ( is_string( $request['excerpt'] ) ) {
-                $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );
+                $prepared_post->post_excerpt = $request['excerpt'];
             } elseif ( isset( $request['excerpt']['raw'] ) ) {
-                $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );
+                $prepared_post->post_excerpt = $request['excerpt']['raw'];
             }
         }