Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:24:11 AM (6 years ago)
Author:
pento
Message:

Editor: Remove unwanted fields before saving posts.

The meta_input, file, and guid fields are not intended to be updated through user input.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/src/wp-admin/includes/ajax-actions.php

    r43811 r44047  
    20912091    }
    20922092
    2093     $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
     2093    $post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
     2094
     2095    if ( is_wp_error( $post_data ) ) {
     2096        wp_die( $post_data->get_error_message() );
     2097    }
    20942098
    20952099    // If the context is custom header or background, make sure the uploaded file is an image.
Note: See TracChangeset for help on using the changeset viewer.