Changeset 44047 for branches/5.0/src/wp-admin/includes/post.php
- Timestamp:
- 12/13/2018 01:24:11 AM (6 years ago)
- File:
-
- 1 edited
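--- a/branches/5.0/src/wp-admin/includes/post.php
+++ b/branches/5.0/src/wp-admin/includes/post.php
@@ -176,4 +176,25 @@
 
 /**
+* Returns only allowed post data fields
+*
+* @since 4.9.9
+*
+* @param array $post_data Array of post data. Defaults to the contents of $_POST.
+* @return object|bool WP_Error on failure, true on success.
+*/
+function _wp_get_allowed_postdata( $post_data = null ) {
+if ( empty( $post_data ) ) {
+$post_data = $_POST;
+}
+
+// Pass through errors
+if ( is_wp_error( $post_data ) ) {
+return $post_data;
+}
+
+return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
+}
+
+/**
 * Update an existing post with values provided in $_POST.
 *
@@ -243,4 +264,5 @@
 if ( is_wp_error($post_data) )
 wp_die( $post_data->get_error_message() );
+$translated = _wp_get_allowed_postdata( $post_data );
 
 // Post Formats
@@ -322,5 +344,5 @@
 
 /** This filter is documented in wp-admin/includes/media.php */
-$ post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
+$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
 }
 
@@ -367,5 +389,5 @@
 }
 
-$ post_data['tax_input'][ $taxonomy ] = $clean_terms;
+$translated['tax_input'][ $taxonomy ] = $clean_terms;
 }
 }
@@ -375,5 +397,5 @@
 update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
 
-$success = wp_update_post( $ post_data);
+$success = wp_update_post( $translated );
 // If the save failed, see if we can sanity check the main fields and try again
 if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
@@ -381,10 +403,10 @@
 
 foreach ( $fields as $field ) {
-if ( isset( $ post_data[ $field ] ) ) {
-$ post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+if ( isset( $translated[ $field ] ) ) {
+$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
 }
 }
 
-wp_update_post( $ post_data);
+wp_update_post( $translated );
 }
 
@@ -546,7 +568,7 @@
 }
 
+$post_data['post_ID'] = $post_ID;
 $post_data['post_type'] = $post->post_type;
 $post_data['post_mime_type'] = $post->post_mime_type;
-$post_data['guid'] = $post->guid;
 
 foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
@@ -556,7 +578,4 @@
 }
 
-$post_data['ID'] = $post_ID;
-$post_data['post_ID'] = $post_ID;
-
 $post_data = _wp_translate_postdata( true, $post_data );
 if ( is_wp_error( $post_data ) ) {
@@ -564,7 +583,8 @@
 continue;
 }
-
-if ( isset( $post_data['post_format'] ) ) {
-set_post_format( $post_ID, $post_data['post_format'] );
+$post_data = _wp_get_allowed_postdata( $post_data );
+
+if ( isset( $shared_post_data['post_format'] ) ) {
+set_post_format( $post_ID, $shared_post_data['post_format'] );
 unset( $post_data['tax_input']['post_format'] );
 }
@@ -758,7 +778,8 @@
 if ( is_wp_error($translated) )
 return $translated;
+$translated = _wp_get_allowed_postdata( $translated );
 
 // Create the post.
-$post_ID = wp_insert_post( $ _POST);
+$post_ID = wp_insert_post( $translated );
 if ( is_wp_error( $post_ID ) )
 return $post_ID;
@@ -1686,4 +1707,5 @@
 if ( is_wp_error( $post_data ) )
 return $post_data;
+$post_data = _wp_get_allowed_postdata( $post_data );
 
 $post_author = get_current_user_id();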
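Review bot: In the new `_wp_get_allowed_postdata()` the `empty( $post_data )` test treats an explicitly passed empty array the same as an omitted argument, so a caller that hands over already-translated data which happens to be empty would get the raw `$_POST` contents (minus the three keys) back instead; `if ( null === $post_data ) {` keeps the default without that fallback. The helper is also a denylist (`meta_input`, `file`, `guid`) rather than the allowlist its name suggests, so any other key the downstream `wp_insert_post()` / `wp_update_post()` calls act on still passes through, and the list has to be revisited whenever those functions gain an argument. The docblock's `@return object|bool WP_Error on failure, true on success.` does not match the code, which returns the filtered array or the incoming error object; `@return array|WP_Error Post data without the disallowed keys, or the WP_Error that was passed in.` would be accurate. A short comment above the `array_diff_key()` line saying why each of the three keys is stripped would help the next reader judge whether a new key belongs there.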