From 3667d18943ca7b9e5e5470ef90a5040999c89a70 Mon Sep 17 00:00:00 2001
From: Jake Spurlock <whyisjake@git.wordpress.org>
Date: Fri, 10 Jul 2020 05:58:49 +0000
Subject: [PATCH] Menus: Ensure that category menus with special characters can
 be updated.

Slashes and HTML encoding could cause some menus not to be updated.

Fixes #48011.

Props zaheerahmad, achyuthajoy, desrosj, pento, SergeyBiryukov, donmhico, audrasjb, birgire, mikeschroder.



git-svn-id: https://develop.svn.wordpress.org/trunk@48416 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/nav-menu.php          |  2 +-
 tests/phpunit/tests/post/nav-menu.php | 45 +++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/nav-menu.php b/src/wp-includes/nav-menu.php
index 80649ef79c..6f4d8c807b 100644
--- a/src/wp-includes/nav-menu.php
+++ b/src/wp-includes/nav-menu.php
@@ -492,7 +492,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item
 			}
 		}
 
-		if ( $args['menu-item-title'] == $original_title ) {
+		if ( wp_unslash( $args['menu-item-title'] ) == wp_specialchars_decode( $original_title ) ) {
 			$args['menu-item-title'] = '';
 		}
 
diff --git a/tests/phpunit/tests/post/nav-menu.php b/tests/phpunit/tests/post/nav-menu.php
index 0001bbce8a..c944b14f03 100644
--- a/tests/phpunit/tests/post/nav-menu.php
+++ b/tests/phpunit/tests/post/nav-menu.php
@@ -956,4 +956,49 @@ class Test_Nav_Menus extends WP_UnitTestCase {
 		);
 	}
 
+	/**
+	 * Tests `wp_update_nav_menu_item()` with special characters in a category name.
+	 *
+	 * When inserting a category as a nav item, the `$args['menu-item-title']` should
+	 * always be empty as it should get the title from the category object itself.
+	 *
+	 * @ticket 48011
+	 */
+	function test_wp_update_nav_menu_item_with_special_character_in_categories() {
+
+		$category_name = 'Test Cat - \"Pre-Slashed\" Cat Name & >';
+
+		$cat = self::factory()->category->create_and_get(
+			array(
+				'name' => $category_name,
+			)
+		);
+
+		add_action( 'wp_update_nav_menu_item', array( $this, 'callback_wp_update_nav_menu_item_48011' ), 10, 3 );
+
+		wp_update_nav_menu_item(
+			$this->menu_id,
+			0,
+			array(
+				'menu-item-type'      => 'taxonomy',
+				'menu-item-object'    => 'category',
+				'menu-item-object-id' => $cat->term_id,
+				'menu-item-status'    => 'publish',
+				/**
+				 * Interestingly enough, if we use `$cat->name` for the menu item title,
+				 * we won't be able to replicate the bug because it's in htmlentities form.
+				 */
+				'menu-item-title'     => $category_name,
+			)
+		);
+	}
+
+	/**
+	 * Callback for the `wp_update_nav_menu_item` action.
+	 *
+	 * @since 5.5.0
+	 */
+	function callback_wp_update_nav_menu_item_48011( $menu_id, $menu_item_db_id, $args ) {
+		$this->assertEmpty( $args['menu-item-title'] );
+	}
 }