Escape posts passed as objects. Props Denis-de-Bernardy. fixes #9727

git-svn-id: http://svn.automattic.com/wordpress/trunk@11344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-05-15 21:27:39 +00:00
parent acd92c27ab
commit 603abd463e
1 changed files with 5 additions and 2 deletions

View File

@ -1611,12 +1611,15 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
*
* @since 1.0.0
*
* @param array|object $postarr Post data.
* @param array|object $postarr Post data. Arrays are expected to be escaped, objects are not.
* @return int 0 on failure, Post ID on success.
*/
function wp_update_post($postarr = array()) {
if ( is_object($postarr) )
if ( is_object($postarr) ) {
// non-escaped post was passed
$postarr = get_object_vars($postarr);
$postarr = add_magic_quotes($postarr);
}
// First, get all of the original fields
$post = wp_get_single_post($postarr['ID'], ARRAY_A);