WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:58:33 AM (3 years ago)
Author:
pento
Message:

Editor: Remove unwanted fields before saving posts.

The meta_input, file, and guid fields are not intended to be updated through user input.

Merges [44047] to the 3.9 branch.

Location:
branches/3.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-admin/includes/ajax-actions.php

    r37803 r44072  
    16051605    }
    16061606
    1607     $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
     1607    $post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
     1608
     1609    if ( is_wp_error( $post_data ) ) {
     1610        wp_die( $post_data->get_error_message() );
     1611    }
    16081612
    16091613    // If the context is custom header or background, make sure the uploaded file is an image.
Note: See TracChangeset for help on using the changeset viewer.