WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/29/2020 04:15:39 PM (18 months ago)
Author:
whyisjake
Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.9 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/post.php

    r43707 r47648  
    31373137    global $wpdb;
    31383138
     3139    // Capture original pre-sanitized array for passing into filters.
     3140    $unsanitized_postarr = $postarr;
     3141
    31393142    $user_id = get_current_user_id();
    31403143
     
    34333436         *
    34343437         * @since 3.9.0
     3438         * @since 5.4.1 `$unsanitized_postarr` argument added.
    34353439         *
    3436          * @param array $data    An array of sanitized attachment post data.
    3437          * @param array $postarr An array of unsanitized attachment post data.
     3440         * @param array $data                An array of slashed, sanitized, and processed attachment post data.
     3441         * @param array $postarr             An array of slashed and sanitized attachment post data, but not processed.
     3442         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data
     3443         *                                   as originally passed to wp_insert_post().
    34383444         */
    3439         $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );
     3445        $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr );
    34403446    } else {
    34413447        /**
     
    34433449         *
    34443450         * @since 2.7.0
     3451         * @since 5.4.1 `$unsanitized_postarr` argument added.
    34453452         *
    3446          * @param array $data    An array of slashed post data.
    3447          * @param array $postarr An array of sanitized, but otherwise unmodified post data.
     3453         * @param array $data                An array of slashed, sanitized, and processed post data.
     3454         * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
     3455         * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as
     3456         *                                   originally passed to wp_insert_post().
    34483457         */
    3449         $data = apply_filters( 'wp_insert_post_data', $data, $postarr );
     3458        $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr );
    34503459    }
    34513460    $data = wp_unslash( $data );
Note: See TracChangeset for help on using the changeset viewer.