WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/29/2020 03:45:27 PM (18 months ago)
Author:
whyisjake
Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.

This solution extends the wp_insert_post_data filter to pass in addition to the slashed/sanitized/processed data, and the slashed/sanitized/unprocessed data, to also pass the initial slashed/unsanitized/unprocessed data which was passed into wp_insert_post(). This then allows plugins to have complete control over how sanitization is performed based on the post type.

Brings the changes in [47633] to the 5.4 branch.

Props westonruter, peterwilsoncc, sstoqnov, whyisjake, xknown.

Location:
branches/5.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.4

  • branches/5.4/src/wp-includes/post.php

    r47394 r47639  
    35663566    global $wpdb;
    35673567
     3568    // Capture original pre-sanitized array for passing into filters.
     3569    $unsanitized_postarr = $postarr;
     3570
    35683571    $user_id = get_current_user_id();
    35693572
     
    38903893         *
    38913894         * @since 3.9.0
     3895         * @since 5.4.1 `$unsanitized_postarr` argument added.
    38923896         *
    3893          * @param array $data    An array of sanitized attachment post data.
    3894          * @param array $postarr An array of unsanitized attachment post data.
     3897         * @param array $data                An array of slashed, sanitized, and processed attachment post data.
     3898         * @param array $postarr             An array of slashed and sanitized attachment post data, but not processed.
     3899         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
     3900         *                                   as originally passed to wp_insert_post().
    38953901         */
    3896         $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
     3902        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
    38973903    } else {
    38983904        /**
     
    39003906         *
    39013907         * @since 2.7.0
     3908         * @since 5.4.1 `$unsanitized_postarr` argument added.
    39023909         *
    3903          * @param array $data    An array of slashed post data.
    3904          * @param array $postarr An array of sanitized, but otherwise unmodified post data.
     3910         * @param array $data                An array of slashed, sanitized, and processed post data.
     3911         * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
     3912         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
     3913         *                                   originally passed to wp_insert_post().
    39053914         */
    3906         $data = apply_filters( 'wp_insert_post_data', $data, $postarr );
     3915        $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
    39073916    }
    39083917    $data  = wp_unslash( $data );
Note: See TracChangeset for help on using the changeset viewer.