WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/29/2020 04:06:55 PM (15 months ago)
Author:
whyisjake
Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.1 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Location:
branches/5.1
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.1

  • branches/5.1/src/wp-includes/post.php

    r44687 r47646  
    33863386    global $wpdb;
    33873387
     3388    // Capture original pre-sanitized array for passing into filters.
     3389    $unsanitized_postarr = $postarr;
     3390
    33883391    $user_id = get_current_user_id();
    33893392
     
    36973700         *
    36983701         * @since 3.9.0
     3702         * @since 5.4.1 `$unsanitized_postarr` argument added.
    36993703         *
    3700          * @param array $data    An array of sanitized attachment post data.
    3701          * @param array $postarr An array of unsanitized attachment post data.
     3704         * @param array $data                An array of slashed, sanitized, and processed attachment post data.
     3705         * @param array $postarr             An array of slashed and sanitized attachment post data, but not processed.
     3706         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
     3707         *                                   as originally passed to wp_insert_post().
    37023708         */
    3703         $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
     3709        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
    37043710    } else {
    37053711        /**
     
    37073713         *
    37083714         * @since 2.7.0
     3715         * @since 5.4.1 `$unsanitized_postarr` argument added.
    37093716         *
    3710          * @param array $data    An array of slashed post data.
    3711          * @param array $postarr An array of sanitized, but otherwise unmodified post data.
     3717         * @param array $data                An array of slashed, sanitized, and processed post data.
     3718         * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
     3719         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
     3720         *                                   originally passed to wp_insert_post().
    37123721         */
    3713         $data = apply_filters( 'wp_insert_post_data', $data, $postarr );
     3722        $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
    37143723    }
    37153724    $data  = wp_unslash( $data );
Note: See TracChangeset for help on using the changeset viewer.