[wp-trac] [WordPress Trac] #32812: Customizer Menus: Escaping inconsistencies
WordPress Trac
noreply at wordpress.org
Sun Nov 8 04:47:17 UTC 2015
#32812: Customizer Menus: Escaping inconsistencies
------------------------------+--------------------------
Reporter: swissspidy | Owner: westonruter
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.4
Component: Customize | Version: 4.3
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+--------------------------
Changes (by westonruter):
* keywords: has-patch needs-unit-tests => has-patch commit
Comment:
I realized that my proposed change in [attachment:32812.1.diff] was flawed
because it was skipping sanitization on title, excerpt, and content for a
given `nav_menu_item` post during preview… but, when on multisite, or if
the user does not have `unfiltered_html` capability, then they should
still not be able to preview markup in these fields. The solution is just
to emulate the behavior of `wp_insert_post()` by applying the
`title_save_pre`, `excerpt_save_pre`, and `content_save_pre` filters. This
would then just automatically do the right thing based on whether the user
has `unfiltered_html`.

So I've corrected these issues in [attachment:32812.2.diff], including a
correction to how the menu item `position` and `status` were sanitized.
The unit tests were also updated to include a cross-reference check of the
`sanitize` method by actually saving the menu item and checking its saved
results with what the `sanitize` method returns.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32812#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
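
The approach described in the comment above, as an added example that is not the code from 32812.2.diff or from WordPress core: previewed menu item fields are passed through the same `*_save_pre` filters that `wp_insert_post()` applies. The helper name `example_sanitize_menu_item_preview` and the sample values are assumptions made for illustration, and the script assumes it runs inside a loaded WordPress (for instance via `wp eval-file`).

```php
<?php
// Added illustration; run inside a loaded WordPress, e.g. `wp eval-file example.php`.
// example_sanitize_menu_item_preview() is a hypothetical helper, not core code.

/**
 * Pass previewed menu item fields through the *_save_pre filters that
 * wp_insert_post() applies, so a preview shows what a save would store.
 */
function example_sanitize_menu_item_preview( array $item ) {
	// A nav_menu_item post keeps title in post_title, attr_title in
	// post_excerpt and description in post_content.
	$field_filters = array(
		'title'       => 'title_save_pre',
		'attr_title'  => 'excerpt_save_pre',
		'description' => 'content_save_pre',
	);
	foreach ( $field_filters as $field => $filter ) {
		if ( ! isset( $item[ $field ] ) ) {
			continue;
		}
		// The KSES callbacks attached to these hooks expect slashed data.
		$slashed        = wp_slash( (string) $item[ $field ] );
		$item[ $field ] = wp_unslash( apply_filters( $filter, $slashed ) );
	}
	return $item;
}

// Constructed sample input.
$sample = array(
	'title'       => 'Home <script>alert(1)</script>',
	'attr_title'  => 'Go <b>home</b>',
	'description' => '<iframe src="https://example.com/"></iframe>Front page',
);

// kses_init() attaches the KSES callbacks to the *_save_pre hooks only when
// the current user lacks unfiltered_html; toggle them by hand to see both cases.
kses_init_filters();
$restricted = example_sanitize_menu_item_preview( $sample );

kses_remove_filters();
$trusted = example_sanitize_menu_item_preview( $sample );

kses_init(); // Restore the filter state that matches the current user.

var_dump( $restricted, $trusted );
```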