Changeset 60838 for branches/4.8/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

Timestamp:

09/30/2025 05:06:32 PM (6 months ago)

Author:

desrosj

Message:

Grouped backports for the 4.8 branch.

• REST API: Increase the specificity of capability checks for collections when the edit context is in use.
• Menus: Prevent HTML in menu item titles from being rendered unexpectedly.

Merges [60814], [60815], [60816] to the 4.8 branch.

Props andraganescu, desrosj, ehti, hurayraiit, iandunn, joehoyle, johnbillion, jorbin, mnelson4, noisysocks, peterwilsoncc, phillsav, rmccue, timothyblynjacobs, vortfu, westonruter , whyisjake, zieladam.

Location:

branches/4.8

Files:

• . (modified) (1 prop)
• src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php (modified) (11 diffs)

branches/4.8/src/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

@@ -59 +59 @@
         'xfn'              => '',
         'status'           => 'publish',
-        'original_title'   => '',
         'nav_menu_term_id' => 0, // This will be supplied as the $menu_id arg for wp_update_nav_menu_item().
         '_invalid'         => false,
@@ -225 +224 @@
      */
     public function value() {
-        if ( $this->is_previewed && $this->_previewed_blog_id === get_current_blog_id() ) {
+        $type_label = null;
+        if ( $this->is_previewed && get_current_blog_id() === $this->_previewed_blog_id ) {
             $undefined  = new stdClass(); // Symbol.
             $post_value = $this->post_value( $undefined );
@@ -233 +233 @@
             } else {
                 $value = $post_value;
-            }
-            if ( ! empty( $value ) && empty( $value['original_title'] ) ) {
-                $value['original_title'] = $this->get_original_title( (object) $value );
             }
         } elseif ( isset( $this->value ) ) {
@@ -248 +245 @@
                     $is_title_empty = empty( $post->post_title );
                     $value = (array) wp_setup_nav_menu_item( $post );
+                    if ( isset( $value['type_label'] ) ) {
+                        $type_label = $value['type_label'];
+                    }
                     if ( $is_title_empty ) {
                         $value['title'] = '';
@@ -264 +264 @@
         }
 
-        if ( ! empty( $value ) && empty( $value['type_label'] ) ) {
-            $value['type_label'] = $this->get_type_label( (object) $value );
-        }
-
+        // These properties are read-only and are part of the setting for use in the Customizer UI.
+        if ( is_array( $value ) ) {
+            $value_obj               = (object) $value;
+            $value['type_label']     = isset( $type_label ) ? $type_label : $this->get_type_label( $value_obj );
+            $value['original_title'] = $this->get_original_title( $value_obj );
+        }
+
+        return $value;
+    }
+
+    /**
+     * Prepares the value for editing on the client.
+     *
+     * @since 6.8.3
+     *
+     * @return array|false Value prepared for the client.
+     */
+    public function js_value() {
+        $value = parent::js_value();
+        if ( is_array( $value ) && isset( $value['original_title'] ) ) {
+            // Decode entities for the sake of displaying the original title as a placeholder.
+            $value['original_title'] = html_entity_decode( $value['original_title'], ENT_QUOTES, get_bloginfo( 'charset' ) );
+        }
         return $value;
     }
@@ -278 +297 @@
      *
      * @param object $item Nav menu item.
-     * @return string The original title.
+     * @return string The original title, without entity decoding.
      */
     protected function get_original_title( $item ) {
@@ -304 +323 @@
             }
         }
-        $original_title = html_entity_decode( $original_title, ENT_QUOTES, get_bloginfo( 'charset' ) );
         return $original_title;
     }
@@ -362 +380 @@
             $this->value['status'] = $this->value['post_status'];
             unset( $this->value['post_status'] );
-        }
-
-        if ( ! isset( $this->value['original_title'] ) ) {
-            $this->value['original_title'] = $this->get_original_title( (object) $this->value );
         }
 
@@ -607 +621 @@
         unset( $item->position );
 
-        if ( empty( $item->original_title ) ) {
-            $item->original_title = $this->get_original_title( $item );
-        }
         if ( empty( $item->title ) && ! empty( $item->original_title ) ) {
-            $item->title = $item->original_title;
+            $item->title = $item->original_title; // This is NOT entity-decoded. It comes from self::get_original_title().
         }
         if ( $item->title ) {
@@ -662 +673 @@
      * @access public
      *
-     * @param array $menu_item_value The value to sanitize.
+     * @param array|false $menu_item_value The value to sanitize.
      * @return array|false|null Null if an input isn't valid. False if it is marked for deletion.
      *                          Otherwise the sanitized value.
@@ -716 +727 @@
         }
 
-        $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
-
         // Apply the same filters as when calling wp_insert_post().
         $menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );