Ticket #5135: sanitize_page.diff
| File sanitize_page.diff, 3.1 kB (added by xknown, 1 year ago) |
|---|
-
wp-admin/includes/template.php
old new 493 493 else 494 494 $current = ''; 495 495 496 echo "\n\t<option value='$item->ID'$current>$pad $item->post_title</option>";496 echo "\n\t<option value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>"; 497 497 parent_dropdown( $default, $item->ID, $level +1 ); 498 498 } 499 499 } else { -
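Review bot: On new line 496 the title is now escaped, but `$item->ID` is still interpolated unescaped into the single-quoted `value` attribute of the same `<option>`. If `$item` always comes straight from a database row the ID is numeric and this is harmless, but that origin is not visible in this section. A cast makes the line safe regardless: `echo "\n\t<option value='" . (int) $item->ID . "'$current>$pad " . wp_specialchars($item->post_title) . "</option>";`. A short comment that the title is escaped for element-text context only would also help, because `wp_specialchars()` does not encode quotes by default and this line may get copied into an attribute context. The enclosing function starts and ends outside the hunk.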
wp-includes/post.php
old new 102 102 $_post = null; 103 103 } elseif ( is_object($post) ) { 104 104 if ( 'page' == $post->post_type ) 105 return get_page($post, $output );105 return get_page($post, $output, $filter); 106 106 if ( !isset($post_cache[$blog_id][$post->ID]) ) 107 107 $post_cache[$blog_id][$post->ID] = &$post; 108 108 $_post = & $post_cache[$blog_id][$post->ID]; … … 111 111 if ( isset($post_cache[$blog_id][$post]) ) 112 112 $_post = & $post_cache[$blog_id][$post]; 113 113 elseif ( $_post = wp_cache_get($post, 'pages') ) 114 return get_page($_post, $output );114 return get_page($_post, $output, $filter); 115 115 else { 116 116 $_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 117 117 if ( 'page' == $_post->post_type ) 118 return get_page($_post, $output );118 return get_page($_post, $output, $filter); 119 119 $post_cache[$blog_id][$post] = & $_post; 120 120 } 121 121 } … … 979 979 980 980 // Retrieves page data given a page ID or page object. 981 981 // Handles page caching. 982 function &get_page(&$page, $output = OBJECT ) {982 function &get_page(&$page, $output = OBJECT, $filter = 'raw') { 983 983 global $wpdb, $blog_id; 984 984 985 985 if ( empty($page) ) { … … 992 992 } 993 993 } elseif ( is_object($page) ) { 994 994 if ( 'post' == $page->post_type ) 995 return get_post($page, $output );995 return get_post($page, $output, $filter); 996 996 wp_cache_add($page->ID, $page, 'pages'); 997 997 $_page = $page; 998 998 } else { … … 1005 1005 $_page = & $GLOBALS['page']; 1006 1006 wp_cache_add($_page->ID, $_page, 'pages'); 1007 1007 } elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached 1008 return get_post($page, $output );1008 return get_post($page, $output, $filter); 1009 1009 } else { // it's not in any caches, so off to the DB we go 1010 1010 // Why are we using assignment for this query? 
1011 1011 $_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page )); 1012 1012 if ( 'post' == $_page->post_type ) 1013 return get_post($_page, $output );1013 return get_post($_page, $output, $filter); 1014 1014 // Potential issue: we're not checking to see if the post_type = 'page' 1015 1015 // So all non-'post' posts will get cached as pages. 1016 1016 wp_cache_add($_page->ID, $_page, 'pages'); … … 1018 1018 } 1019 1019 } 1020 1020 1021 $_page = sanitize_post($_page, $filter); 1022 1021 1023 // at this point, one way or another, $_post contains the page object 1022 1024 1023 1025 if ( $output == OBJECT ) {
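Review bot: The new `$_page = sanitize_post($_page, $filter);` on line 1021 assigns through a reference on one path, because line 1005 binds `$_page = & $GLOBALS['page'];`, so a filtered copy overwrites the global page object for the rest of the request. The same object was also passed to `wp_cache_add()` just before, so if `sanitize_post()` modifies the object in place (not visible here), context-specific escaping could end up in the 'pages' cache and later be served to a caller that asked for `'raw'`, or be escaped twice. Keeping the filtered result in its own variable avoids both, e.g. `$_filtered = sanitize_post($_page, $filter);`, with the output branches below returning `$_filtered`. Separately, `$wpdb->get_row()` on line 1011 can return null for an unknown ID, and that value now reaches `sanitize_post()` unchecked. The body of `get_page()` continues outside the hunk.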
