Make WordPress Core

Changeset 48416


Ignore:
Timestamp:
07/10/2020 05:58:49 AM (4 years ago)
Author:
whyisjake
Message:

Menus: Ensure that category menus with special characters can be updated.

Slashes and HTML encoding could cause some menus not to be updated.

Fixes #48011.

Props zaheerahmad, achyuthajoy, desrosj, pento, SergeyBiryukov, donmhico, audrasjb, birgire, mikeschroder.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/nav-menu.php

    r48109 r48416  
    493493        }
    494494
    495         if ( $args['menu-item-title'] == $original_title ) {
     495        if ( wp_unslash( $args['menu-item-title'] ) == wp_specialchars_decode( $original_title ) ) {
    496496            $args['menu-item-title'] = '';
    497497        }
  • trunk/tests/phpunit/tests/post/nav-menu.php

    r47122 r48416  
    957957    }
    958958
     959    /**
     960     * Tests `wp_update_nav_menu_item()` with special characters in a category name.
     961     *
     962     * When inserting a category as a nav item, the `$args['menu-item-title']` should
     963     * always be empty as it should get the title from the category object itself.
     964     *
     965     * @ticket 48011
     966     */
     967    function test_wp_update_nav_menu_item_with_special_character_in_categories() {
     968
     969        $category_name = 'Test Cat - \"Pre-Slashed\" Cat Name & >';
     970
     971        $cat = self::factory()->category->create_and_get(
     972            array(
     973                'name' => $category_name,
     974            )
     975        );
     976
     977        add_action( 'wp_update_nav_menu_item', array( $this, 'callback_wp_update_nav_menu_item_48011' ), 10, 3 );
     978
     979        wp_update_nav_menu_item(
     980            $this->menu_id,
     981            0,
     982            array(
     983                'menu-item-type'      => 'taxonomy',
     984                'menu-item-object'    => 'category',
     985                'menu-item-object-id' => $cat->term_id,
     986                'menu-item-status'    => 'publish',
     987                /**
     988                 * Interestingly enough, if we use `$cat->name` for the menu item title,
     989                 * we won't be able to replicate the bug because it's in htmlentities form.
     990                 */
     991                'menu-item-title'     => $category_name,
     992            )
     993        );
     994    }
     995
     996    /**
     997     * Callback for the `wp_update_nav_menu_item` action.
     998     *
     999     * @since 5.5.0
     1000     */
     1001    function callback_wp_update_nav_menu_item_48011( $menu_id, $menu_item_db_id, $args ) {
     1002        $this->assertEmpty( $args['menu-item-title'] );
     1003    }
    9591004}
Note: See TracChangeset for help on using the changeset viewer.