'guid' not properly escaped
|Reported by:||meloniq||Owned by:|
|Component:||Posts, Post Types||Keywords:||has-patch needs-unit-tests 3.7-early|
Description (last modified by SergeyBiryukov)
'guid' being saved in database not properly escaped, example:
http://www.wordpress.dev/?post_type=changeset&p=57 , see the ampersand encode &
It supposed to be & or at least &
Once 'auto-draft' saved, 'guid' is correct: http://www.wordpress.dev/?post_type=changeset&p=57
Once post is saved as 'draft' or published (triggered 'update post' on auto-draft), 'guid' gets malformed.
Source of issue: inappropriate usage of get_post_field() function in the wp_insert_post()
get_post_field() defaults to 'display' context, we not specify context while obtaining field, and in the wp_insert_post() we are not going to display it anywhere, just get, check, and save again, correct?
Attached patch adds the 'raw' context to usage of get_post_field() with 'guid'
Change History (8)
comment:3 SergeyBiryukov — 10 months ago
- Keywords needs-unit-tests 3.7-early added; needs-testing removed
- Milestone changed from Awaiting Review to Future Release
- Version changed from trunk to 2.5