[wp-trac] [WordPress Trac] #27260: Double-unslashing in "nopriv" handler of the Heartbeat API
WordPress Trac
noreply at wordpress.org
Thu Mar 6 00:29:41 UTC 2014
#27260: Double-unslashing in "nopriv" handler of the Heartbeat API
------------------------------+------------------
Reporter: TobiasBg | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.9
Component: Autosave | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+------------------
Comment (by johnbillion):
[attachment:27260.patch] changes the Heartbeat API so it uses unslashed
data instead. The data should be slashed JIT before it goes into any API
function that does expect slashed data.
Of the four actions hooked into `heartbeat_received` in core, only
`heartbeat_autosave()` ultimately needs to deal with slashes. It calls
`wp_autosave()` which calls `edit_post()` and `wp_create_post_autosave()`,
both of which expect slashed data.
I think this is the preferable solution, otherwise we'll be stuck with an
otherwise wonderful Heartbeat API that uses slashed data.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27260#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list