Make WordPress Core


Ignore:
Timestamp:
11/10/2016 02:09:40 AM (7 years ago)
Author:
joehoyle
Message:

REST API: unfiltered_html and slashing: terms.

Follow-up to #38609 and #38704; handle slashes correctly for taxonomy terms.

Props westonruter, jnylen0.
Fixes #38726, see #38609.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php

    r39126 r39190  
    381381        $prepared_term = $this->prepare_item_for_database( $request );
    382382
    383         $term = wp_insert_term( $prepared_term->name, $this->taxonomy, $prepared_term );
     383        $term = wp_insert_term( addslashes( $prepared_term->name ), $this->taxonomy, wp_slash( (array) $prepared_term ) );
    384384        if ( is_wp_error( $term ) ) {
    385385            /*
     
    492492        // Only update the term if we haz something to update.
    493493        if ( ! empty( $prepared_term ) ) {
    494             $update = wp_update_term( $term->term_id, $term->taxonomy, (array) $prepared_term );
     494            $update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) );
    495495
    496496            if ( is_wp_error( $update ) ) {
     
    822822                    'type'         => 'string',
    823823                    'context'      => array( 'view', 'edit' ),
    824                     'arg_options'  => array(
    825                         'sanitize_callback' => 'wp_filter_post_kses',
    826                     ),
    827824                ),
    828825                'link'        => array(
Note: See TracChangeset for help on using the changeset viewer.