Changeset 47646 for branches/5.1/src/wp-includes/post.php

Timestamp:

04/29/2020 04:06:55 PM (5 years ago)

Author:

whyisjake

Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.1 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Location:

branches/5.1

Files:

• . (modified) (1 prop)
• src/wp-includes/post.php (modified) (3 diffs)

branches/5.1/src/wp-includes/post.php

@@ -3386 +3386 @@
     global $wpdb;
 
+    // Capture original pre-sanitized array for passing into filters.
+    $unsanitized_postarr = $postarr;
+
     $user_id = get_current_user_id();
 
@@ -3697 +3700 @@
          *
          * @since 3.9.0
+         * @since 5.4.1 `$unsanitized_postarr` argument added.
          *
-         * @param array $data    An array of sanitized attachment post data.
-         * @param array $postarr An array of unsanitized attachment post data.
+         * @param array $data                An array of slashed, sanitized, and processed attachment post data.
+         * @param array $postarr             An array of slashed and sanitized attachment post data, but not processed.
+         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
+         *                                   as originally passed to wp_insert_post().
          */
-        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
+        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
     } else {
         /**
@@ -3707 +3713 @@
          *
          * @since 2.7.0
+         * @since 5.4.1 `$unsanitized_postarr` argument added.
          *
-         * @param array $data    An array of slashed post data.
-         * @param array $postarr An array of sanitized, but otherwise unmodified post data.
+         * @param array $data                An array of slashed, sanitized, and processed post data.
+         * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
+         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
+         *                                   originally passed to wp_insert_post().
          */
-        $data = apply_filters( 'wp_insert_post_data', $data, $postarr );
+        $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
     }
     $data  = wp_unslash( $data );