WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/29/2020 03:12:50 PM (7 months ago)
Author:
whyisjake
Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.

This solution extends the wp_insert_post_data filter to pass in addition to the slashed/sanitized/processed data, and the slashed/sanitized/unprocessed data, to also pass the initial slashed/unsanitized/unprocessed data which was passed into wp_insert_post(). This then allows plugins to have complete control over how sanitization is performed based on the post type.

Props westonruter, peterwilsoncc, sstoqnov, whyisjake, xknown.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/post.php

    r47611 r47633  
    35953595    global $wpdb;
    35963596
     3597    // Capture original pre-sanitized array for passing into filters.
     3598    $unsanitized_postarr = $postarr;
     3599
    35973600    $user_id = get_current_user_id();
    35983601
     
    39193922         *
    39203923         * @since 3.9.0
     3924         * @since 5.4.1 `$unsanitized_postarr` argument added.
    39213925         *
    3922          * @param array $data    An array of sanitized attachment post data.
    3923          * @param array $postarr An array of unsanitized attachment post data.
     3926         * @param array $data                An array of slashed, sanitized, and processed attachment post data.
     3927         * @param array $postarr             An array of slashed and sanitized attachment post data, but not processed.
     3928         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
     3929         *                                   as originally passed to wp_insert_post().
    39243930         */
    3925         $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
     3931        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
    39263932    } else {
    39273933        /**
     
    39293935         *
    39303936         * @since 2.7.0
     3937         * @since 5.4.1 `$unsanitized_postarr` argument added.
    39313938         *
    3932          * @param array $data    An array of slashed post data.
    3933          * @param array $postarr An array of sanitized, but otherwise unmodified post data.
     3939         * @param array $data                An array of slashed, sanitized, and processed post data.
     3940         * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
     3941         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
     3942         *                                   originally passed to wp_insert_post().
    39343943         */
    3935         $data = apply_filters( 'wp_insert_post_data', $data, $postarr );
     3944        $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
    39363945    }
    39373946    $data  = wp_unslash( $data );
Note: See TracChangeset for help on using the changeset viewer.