Changeset 60820 for branches/6.6/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

Timestamp:

09/30/2025 05:00:33 PM (5 months ago)

Author:

desrosj

Message:

Grouped backports for the 6.6 branch.

• REST API: Increase the specificity of capability checks for collections when the edit context is in use.
• Menus: Prevent HTML in menu item titles from being rendered unexpectedly.

Merges [60814], [60815], [60816] to the 6.6 branch.

Props andraganescu, desrosj, ehti, hurayraiit, iandunn, joehoyle, johnbillion, jorbin, mnelson4, noisysocks, peterwilsoncc, phillsav, rmccue, timothyblynjacobs, vortfu, westonruter , whyisjake, zieladam.

Location:

branches/6.6

Files:

• . (modified) (1 prop)
• src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php (modified) (12 diffs)

branches/6.6/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

@@ -57 +57 @@
         'xfn'              => '',
         'status'           => 'publish',
-        'original_title'   => '',
         'nav_menu_term_id' => 0, // This will be supplied as the $menu_id arg for wp_update_nav_menu_item().
         '_invalid'         => false,
@@ -211 +210 @@
      */
     public function value() {
+        $type_label = null;
         if ( $this->is_previewed && get_current_blog_id() === $this->_previewed_blog_id ) {
             $undefined  = new stdClass(); // Symbol.
@@ -219 +219 @@
             } else {
                 $value = $post_value;
-            }
-            if ( ! empty( $value ) && empty( $value['original_title'] ) ) {
-                $value['original_title'] = $this->get_original_title( (object) $value );
             }
         } elseif ( isset( $this->value ) ) {
@@ -234 +231 @@
                     $is_title_empty = empty( $post->post_title );
                     $value          = (array) wp_setup_nav_menu_item( $post );
+                    if ( isset( $value['type_label'] ) ) {
+                        $type_label = $value['type_label'];
+                    }
                     if ( $is_title_empty ) {
                         $value['title'] = '';
@@ -250 +250 @@
         }
 
-        if ( ! empty( $value ) && empty( $value['type_label'] ) ) {
-            $value['type_label'] = $this->get_type_label( (object) $value );
+        // These properties are read-only and are part of the setting for use in the Customizer UI.
+        if ( is_array( $value ) ) {
+            $value_obj               = (object) $value;
+            $value['type_label']     = isset( $type_label ) ? $type_label : $this->get_type_label( $value_obj );
+            $value['original_title'] = $this->get_original_title( $value_obj );
         }
 
@@ -258 +261 @@
 
     /**
+     * Prepares the value for editing on the client.
+     *
+     * @since 6.8.3
+     *
+     * @return array|false Value prepared for the client.
+     */
+    public function js_value() {
+        $value = parent::js_value();
+        if ( is_array( $value ) && isset( $value['original_title'] ) ) {
+            // Decode entities for the sake of displaying the original title as a placeholder.
+            $value['original_title'] = html_entity_decode( $value['original_title'], ENT_QUOTES, get_bloginfo( 'charset' ) );
+        }
+        return $value;
+    }
+
+    /**
      * Get original title.
      *
@@ -263 +282 @@
      *
      * @param object $item Nav menu item.
-     * @return string The original title.
+     * @return string The original title, without entity decoding.
      */
     protected function get_original_title( $item ) {
@@ -289 +308 @@
             }
         }
-        $original_title = html_entity_decode( $original_title, ENT_QUOTES, get_bloginfo( 'charset' ) );
         return $original_title;
     }
@@ -345 +363 @@
             $this->value['status'] = $this->value['post_status'];
             unset( $this->value['post_status'] );
-        }
-
-        if ( ! isset( $this->value['original_title'] ) ) {
-            $this->value['original_title'] = $this->get_original_title( (object) $this->value );
         }
 
@@ -595 +609 @@
         unset( $item->position );
 
-        if ( empty( $item->original_title ) ) {
-            $item->original_title = $this->get_original_title( $item );
-        }
         if ( empty( $item->title ) && ! empty( $item->original_title ) ) {
-            $item->title = $item->original_title;
+            $item->title = $item->original_title; // This is NOT entity-decoded. It comes from self::get_original_title().
         }
         if ( $item->title ) {
@@ -655 +666 @@
      * @since 5.9.0 Renamed `$menu_item_value` to `$value` for PHP 8 named parameter support.
      *
-     * @param array $value The menu item value to sanitize.
+     * @param array|false $value The menu item value to sanitize.
      * @return array|false|null|WP_Error Null or WP_Error if an input isn't valid. False if it is marked for deletion.
      *                                   Otherwise the sanitized value.
@@ -712 +723 @@
         }
 
-        $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
-
         // Apply the same filters as when calling wp_insert_post().