WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:37:30 AM (3 years ago)
Author:
pento
Message:

Editor: Remove unwanted fields before saving posts.

The meta_input, file, and guid fields are not intended to be updated through user input.

Merges [44047] to the 4.9 branch.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/ajax-actions.php

    r43502 r44053  
    21062106    }
    21072107
    2108     $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
     2108    $post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
     2109
     2110    if ( is_wp_error( $post_data ) ) {
     2111        wp_die( $post_data->get_error_message() );
     2112    }
    21092113
    21102114    // If the context is custom header or background, make sure the uploaded file is an image.
Note: See TracChangeset for help on using the changeset viewer.