Changeset 44072 for branches/3.9/src/wp-admin/includes/post.php
- Timestamp:
- 12/13/2018 01:58:33 AM (6 years ago)
- Location:
- branches/3.9
- Files:
-
- 2 edited
branches/3.9
- Property svn:mergeinfo changed
/branches/5.0 merged: 44047
- Property svn:mergeinfo changed
-
branches/3.9/src/wp-admin/includes/post.php
r37820 r44072 177 177 178 178 /** 179 * Returns only allowed post data fields 180 * 181 * @since 4.9.9 182 * 183 * @param array $post_data Array of post data. Defaults to the contents of $_POST. 184 * @return object|bool WP_Error on failure, true on success. 185 */ 186 function _wp_get_allowed_postdata( $post_data = null ) { 187 if ( empty( $post_data ) ) { 188 $post_data = $_POST; 189 } 190 191 // Pass through errors 192 if ( is_wp_error( $post_data ) ) { 193 return $post_data; 194 } 195 196 return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) ); 197 } 198 199 /** 179 200 * Update an existing post with values provided in $_POST. 180 201 * … … 242 263 if ( is_wp_error($post_data) ) 243 264 wp_die( $post_data->get_error_message() ); 265 $translated = _wp_get_allowed_postdata( $post_data ); 244 266 245 267 // Post Formats … … 319 341 320 342 /** This filter is documented in wp-admin/includes/media.php */ 321 $ post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );343 $translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data ); 322 344 } 323 345 … … 326 348 update_post_meta( $post_ID, '_edit_last', get_current_user_id() ); 327 349 328 $success = wp_update_post( $ post_data);350 $success = wp_update_post( $translated ); 329 351 // If the save failed, see if we can sanity check the main fields and try again 330 352 if ( ! 
$success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) { … … 332 354 333 355 foreach( $fields as $field ) { 334 if ( isset( $ post_data[ $field ] ) ) {335 $ post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );356 if ( isset( $translated[ $field ] ) ) { 357 $translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] ); 336 358 } 337 359 } 338 360 339 wp_update_post( $ post_data);361 wp_update_post( $translated ); 340 362 } 341 363 … … 495 517 } 496 518 519 $post_data['post_ID'] = $post_ID; 497 520 $post_data['post_type'] = $post->post_type; 498 521 $post_data['post_mime_type'] = $post->post_mime_type; 499 $post_data['guid'] = $post->guid;500 522 501 523 foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) { … … 505 527 } 506 528 507 $post_data['ID'] = $post_ID;508 $post_data['post_ID'] = $post_ID;509 510 529 $post_data = _wp_translate_postdata( true, $post_data ); 511 530 if ( is_wp_error( $post_data ) ) { … … 513 532 continue; 514 533 } 534 $post_data = _wp_get_allowed_postdata( $post_data ); 515 535 516 536 $updated[] = wp_update_post( $post_data ); … … 523 543 } 524 544 525 if ( isset( $ post_data['post_format'] ) )526 set_post_format( $post_ID, $ post_data['post_format'] );545 if ( isset( $shared_post_data['post_format'] ) ) 546 set_post_format( $post_ID, $shared_post_data['post_format'] ); 527 547 } 528 548 … … 702 722 if ( is_wp_error($translated) ) 703 723 return $translated; 724 $translated = _wp_get_allowed_postdata( $translated ); 704 725 705 726 // Create the post. 706 $post_ID = wp_insert_post( $ _POST);727 $post_ID = wp_insert_post( $translated ); 707 728 if ( is_wp_error( $post_ID ) ) 708 729 return $post_ID; … … 1539 1560 if ( is_wp_error( $post_data ) ) 1540 1561 return $post_data; 1562 $post_data = _wp_get_allowed_postdata( $post_data ); 1541 1563 1542 1564 $post_author = get_current_user_id();
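Review bot: `$shared_post_data` is read at new lines 545–546 (`isset( $shared_post_data['post_format'] )`), but none of the hunks shown here assigns it; the enclosing bulk-edit function starts and ends outside the visible hunks, so please confirm that this branch defines the variable before the loop. If it does not, `isset()` is always false and `set_post_format()` is silently skipped for bulk edits. Separately, the docblock of `_wp_get_allowed_postdata()` says `@return object|bool WP_Error on failure, true on success.`, while the body returns the filtered array or passes a WP_Error through; I would write `@return array|WP_Error Array of post data on success, WP_Error on failure.`. A one-line comment there should also say that the helper strips a fixed list of keys (`meta_input`, `file`, `guid`) rather than enforcing an allowlist, so any future sensitive `wp_insert_post()` argument has to be added to that list by hand.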