WP_Customize_Manager::preserve_insert_changeset_post_content( array $data, array $postarr, array $unsanitized_postarr )
Preserve the initial JSON post_content passed to save into the post.
Description
This is needed to prevent KSES and other ‘content_save_pre’ filters from corrupting JSON data.
Note that WP_Customize_Manager::validate_setting_values() have already run on the setting values being serialized as JSON into the post content so it is pre-sanitized.
Also, the sanitization logic is re-run through the respective WP_Customize_Setting::sanitize() method when being read out of the changeset, via WP_Customize_Manager::post_value(), and this sanitized value will also be sent into WP_Customize_Setting::update() for persisting to the DB.
Multiple users can collaborate on a single changeset, where one user may have the unfiltered_html capability but another may not. A user with unfiltered_html may add a script tag to some field which needs to be kept intact even when another user updates the changeset to modify another field when they do not have unfiltered_html.
Parameters
- $data
-
(Required) An array of slashed and processed post data.
- $postarr
-
(Required) An array of sanitized (and slashed) but otherwise unmodified post data.
- $unsanitized_postarr
-
(Required) An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post().
Return
(array) Filtered post data.
Source
File: wp-includes/class-wp-customize-manager.php
public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) {
if (
isset( $data['post_type'] ) &&
isset( $unsanitized_postarr['post_content'] ) &&
'customize_changeset' === $data['post_type'] ||
(
'revision' === $data['post_type'] &&
! empty( $data['post_parent'] ) &&
'customize_changeset' === get_post_type( $data['post_parent'] )
)
) {
$data['post_content'] = $unsanitized_postarr['post_content'];
}
return $data;
}
Changelog
Version | Description |
---|---|
WP-4.9.14 | Introduced. |