From f01d1883e4f97b2cf2568015e13750c35fff08b6 Mon Sep 17 00:00:00 2001 From: nacin Date: Wed, 28 Apr 2010 02:04:30 +0000 Subject: [PATCH] Verify nav menu items. props filosofo, fixes #13154. git-svn-id: http://svn.automattic.com/wordpress/trunk@14263 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-ajax.php | 30 ++---------------------------- wp-admin/nav-menus.php | 12 +++++++----- wp-includes/nav-menu.php | 22 ++++++++++++++++++++-- 3 files changed, 29 insertions(+), 35 deletions(-) diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 32ef7caa3..7d05ab1cc 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -402,7 +402,7 @@ case 'delete-menu-item' : if ( ! current_user_can( 'switch_themes' ) ) die('-1'); - if ( 'nav_menu_item' == get_post_type( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) ) + if ( is_nav_menu_item( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) ) die('1'); else die('0'); 
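Review bot: Between the `case 'delete-menu-item' :` label and the `wp_delete_post( $menu_item_id, true )` call, the hunk shows only the `switch_themes` capability check. `$menu_item_id` is not assigned inside the case and no nonce is verified, so unless both happen earlier in the file, this permanent delete can be triggered by a forged request from a logged-in administrator's browser. The new `is_nav_menu_item()` gate narrows what can be deleted but does not establish that the user intended the request. I would bind the ID and the nonce at the top of the case, reusing the action string nav-menus.php already checks for the same operation: `$menu_item_id = (int) $_POST['menu-item'];` then `check_ajax_referer( 'delete-menu_item_' . $menu_item_id );`. The request key is assumed to match the `menu-item` key nav-menus.php reads.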
@@ -1466,33 +1466,7 @@ case 'set-post-thumbnail': } } die( '0' ); -case 'save-custom-link': - if ( ! current_user_can('manage_links') ) - die('-1'); - - $link_name = isset( $_POST['link_name'] ) ? esc_html($_POST['link_name']) : null; - $link_url = isset( $_POST['link_url'] ) ? esc_url_raw($_POST['link_url']) : null; - - if ( !$link_name || !$link_url ) - die('-1'); - - $post = array( - 'post_status' => 'draft', 'post_type' => 'nav_menu_item', 'ping_status' => 0, - 'post_author' => $user_ID, 'post_title' => $link_name, 'post_excerpt' => '', - 'post_parent' => 0, 'menu_order' => 0, 'post_content' => '', - ); - - $link_id = wp_insert_post( $post ); - - update_post_meta( $link_id, '_menu_item_type', 'custom' ); - update_post_meta( $link_id, '_menu_item_object_id', (int) $link_id ); - update_post_meta( $link_id, '_menu_item_object', 'custom' ); - update_post_meta( $link_id, '_menu_item_target', '' ); - update_post_meta( $link_id, '_menu_item_classes', '' ); - update_post_meta( $link_id, '_menu_item_xfn', '' ); - update_post_meta( $link_id, '_menu_item_url', $link_url ); - - die( json_encode($link_id) ); + break; default : do_action( 'wp_ajax_' . $_POST['action'] ); die('0'); diff --git a/wp-admin/nav-menus.php b/wp-admin/nav-menus.php index 1a685a3f1..4cfba0678 100644 --- a/wp-admin/nav-menus.php +++ b/wp-admin/nav-menus.php @@ -63,7 +63,7 @@ switch ( $action ) { check_admin_referer( 'move-menu_item' ); $menu_item_id = (int) $_REQUEST['menu-item']; $next_item_id = 0; - if ( 'nav_menu_item' == get_post_type( $menu_item_id ) ) { + if ( is_nav_menu_item( $menu_item_id ) ) { $menus = isset( $_REQUEST['menu'] ) ? array( (int) $_REQUEST['menu'] ) : wp_get_object_terms( $menu_item_id, 'nav_menu', array( 'fields' => 'ids' ) ); if ( ! is_wp_error( $menus ) ) { foreach( (array) $menus as $menu_id ) { 
@@ -84,7 +84,7 @@ switch ( $action ) { case 'move-up-menu-item' : check_admin_referer( 'move-menu_item' ); $menu_item_id = empty( $next_item_id ) ? (int) $_REQUEST['menu-item'] : $next_item_id; - if ( 'nav_menu_item' == get_post_type( $menu_item_id ) ) { + if ( is_nav_menu_item( $menu_item_id ) ) { $menus = isset( $_REQUEST['menu'] ) ? array( (int) $_REQUEST['menu'] ) : wp_get_object_terms( $menu_item_id, 'nav_menu', array( 'fields' => 'ids' ) ); if ( ! is_wp_error( $menus ) ) { foreach( (array) $menus as $menu_id ) { @@ -166,7 +166,7 @@ switch ( $action ) { check_admin_referer( 'delete-menu_item_' . $menu_item_id ); - if ( 'nav_menu_item' == get_post_type( $menu_item_id ) ) { + if ( is_nav_menu_item( $menu_item_id ) ) { if ( wp_delete_post( $menu_item_id, true ) ) { $messages_div = '

' . __('The menu item has been successfully deleted.') . '

'; @@ -260,9 +260,11 @@ switch ( $action ) { } // Remove menu items from the menu that weren't in $_POST - if ( !empty( $menu_items ) ) { + if ( ! empty( $menu_items ) ) { foreach ( array_keys( $menu_items ) as $menu_item_id ) { - wp_delete_post( $menu_item_id ); + if ( is_nav_menu_item( $menu_item_id ) ) { + wp_delete_post( $menu_item_id ); + } } } diff --git a/wp-includes/nav-menu.php b/wp-includes/nav-menu.php index 51ac3724f..2b4275546 100644 --- a/wp-includes/nav-menu.php +++ b/wp-includes/nav-menu.php @@ -35,9 +35,9 @@ function wp_get_nav_menu_object( $menu ) { } /** - * Check if navigation menu exists. + * Check if the given ID is a nav menu. * - * Returns the menu object, or false if the term doesn't exist. + * Returns true if it is; false otherwise. * * @since 3.0.0 * @@ -56,6 +56,18 @@ function is_nav_menu( $menu ) { return false; } +/** + * Determine whether the given ID is a nav menu item. + * + * @since 3.0.0 + * + * @param int $menu_item_id The ID of the potential nav menu item. + * @return bool Whether the given ID is that of a nav menu item. + */ +function is_nav_menu_item( $menu_item_id = 0 ) { + return ( ! is_wp_error( $menu_item_id ) && ( 'nav_menu_item' == get_post_type( $menu_item_id ) ) ); +} + /** * Create a Navigation Menu. * @@ -178,6 +190,11 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item $menu_id = (int) $menu_id; $menu_item_db_id = (int) $menu_item_db_id; + // make sure that we don't convert non-nav_menu_item objects into nav_menu_item objects + if ( ! empty( $menu_item_db_id ) && ! is_nav_menu_item( $menu_item_db_id ) ) { + return new WP_Error('update_nav_menu_item_failed', __('The given object ID is not that of a menu item.')); + } + $menu = wp_get_nav_menu_object( $menu_id ); if ( ! $menu || is_wp_error( $menu ) ) { 
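Review bot: `is_nav_menu_item()` defaults `$menu_item_id` to 0 and hands empty values straight to `get_post_type()`, although it now guards the `wp_delete_post()` calls in admin-ajax.php and nav-menus.php. The body of `get_post_type()` is not part of this patch, so confirm how it treats an empty argument. If it resolves one to the current global post, an unset or zero ID would be answered for an unrelated post. Rejecting empty IDs and comparing strictly removes that dependency: `return ( ! is_wp_error( $menu_item_id ) && ! empty( $menu_item_id ) && 'nav_menu_item' === get_post_type( $menu_item_id ) );`.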
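Review bot: The early `return new WP_Error( 'update_nav_menu_item_failed', ... )` in `wp_update_nav_menu_item()` adds a failure path, but nothing in this patch shows the callers or the docblock being updated for it. A caller that treats the result as an item ID should test it with `is_wp_error()` before using it in later post or meta calls. The docblock sits outside the hunk; I would extend its return line to something like `@return int|WP_Error The menu item ID, or WP_Error if the given ID is not a nav menu item.` That wording assumes the success value is the item's post ID, which the `wp_insert_post()` assignment in the next hunk suggests.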
@@ -235,6 +252,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item // New menu item if ( 0 == $menu_item_db_id ) { + $post['ID'] = 0; $menu_item_db_id = wp_insert_post( $post ); // Update existing menu item
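Review bot: The added `$post['ID'] = 0;` has no comment, and its purpose is easy to miss. `wp_insert_post()` updates an existing post when the array carries a non-empty `ID`, so this line is what stops the "new menu item" branch from overwriting another post if `$post` picked up an ID earlier in the function (the array is built outside the hunk). I would add `// Force an insert: a leftover ID in $post would make wp_insert_post() update that post instead.` directly above it. The enclosing function continues past the end of the hunk.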