sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Widgets: Correctly strip slashes from widget and sidebar names to allow namespaced widgets to function correctly. 

Fixes #27770

Props jdgrimes


git-svn-id: https://develop.svn.wordpress.org/trunk@41292 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2017-08-22 14:51:47 +00:00
parent 0d407f3625
commit 3eff05cb88
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/ajax-actions.php
View File

@ -1879,7 +1879,7 @@ function wp_ajax_widgets_order() {
// Save widgets order for all sidebars. // Save widgets order for all sidebars.
if ( is_array($_POST['sidebars']) ) { if ( is_array($_POST['sidebars']) ) {
$sidebars = array(); $sidebars = array();
foreach ( $_POST['sidebars'] as $key => $val ) { foreach ( wp_unslash( $_POST['sidebars'] ) as $key => $val ) {
$sb = array(); $sb = array();
if ( !empty($val) ) { if ( !empty($val) ) {
$val = explode(',', $val); $val = explode(',', $val);
@ -1935,8 +1935,8 @@ function wp_ajax_save_widget() {
/** This action is documented in wp-admin/widgets.php */ /** This action is documented in wp-admin/widgets.php */
do_action( 'sidebar_admin_setup' ); do_action( 'sidebar_admin_setup' );
$id_base = $_POST['id_base']; $id_base = wp_unslash( $_POST['id_base'] );
$widget_id = $_POST['widget-id']; $widget_id = wp_unslash( $_POST['widget-id'] );
$sidebar_id = $_POST['sidebar']; $sidebar_id = $_POST['sidebar'];
$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0; $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false; $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;