Make WordPress Core


Ignore:
Timestamp:
12/18/2018 09:31:14 PM (5 years ago)
Author:
desrosj
Message:

Editor: Remove unwanted fields before saving posts.

The meta_input, file, and guid fields are not intended to be updated through user input.

Merges [44047] to trunk.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/src/wp-admin/includes/ajax-actions.php

    r44153 r44295  
    22632263    }
    22642264
    2265     $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
     2265    $post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array();
     2266
     2267    if ( is_wp_error( $post_data ) ) {
     2268        wp_die( $post_data->get_error_message() );
     2269    }
    22662270
    22672271    // If the context is custom header or background, make sure the uploaded file is an image.
Note: See TracChangeset for help on using the changeset viewer.