Fix slashing when creating or updating a menu item (#35147)

* Slash 'menu-id', 'menu-item-db-id' and $prepared-nav-item values before passing them in into wp_update_nav_menu_item function. * Add unit tests that check if create_item and update_item endpoints correctly handle slashed data. * Don't slash menu-id and menu-item-db-id values. They are expected to be integers.
WordPress · Oct 1, 2021 · 456eabc · 456eabc
1 parent b026af1
commit 456eabc
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 2 deletions.
diff --git a/lib/class-wp-rest-menu-items-controller.php b/lib/class-wp-rest-menu-items-controller.php
@@ -181,7 +181,7 @@ public function create_item( $request ) {
 		}
 		$prepared_nav_item = (array) $prepared_nav_item;
 
-		$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], $prepared_nav_item );
+		$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ) );
 		if ( is_wp_error( $nav_menu_item_id ) ) {
 			if ( 'db_insert_error' === $nav_menu_item_id->get_error_code() ) {
 				$nav_menu_item_id->add_data( array( 'status' => 500 ) );
@@ -271,7 +271,7 @@ public function update_item( $request ) {
 
 		$prepared_nav_item = (array) $prepared_nav_item;
 
-		$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], $prepared_nav_item );
+		$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ) );
 
 		if ( is_wp_error( $nav_menu_item_id ) ) {
 			if ( 'db_update_error' === $nav_menu_item_id->get_error_code() ) {

diff --git a/phpunit/class-rest-nav-menu-items-controller-test.php b/phpunit/class-rest-nav-menu-items-controller-test.php
@@ -937,4 +937,38 @@ protected function set_menu_item_data( $args = array() ) {
 
 		return wp_parse_args( $args, $defaults );
 	}
+
+	public function test_create_item_properly_handles_slashed_data() {
+		wp_set_current_user( self::$admin_id );
+
+		$request = new WP_REST_Request( 'POST', '/__experimental/menu-items' );
+		$request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
+		$parameters = $this->set_menu_item_data(
+			array(
+				'title' => 'Some \\\'title',
+			)
+		);
+		$request->set_body_params( $parameters );
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data();
+		$post     = get_post( $data['id'] );
+		$this->assertSame( $parameters['title'], $post->post_title );
+	}
+
+	public function test_update_item_properly_handles_slashed_data() {
+		wp_set_current_user( self::$admin_id );
+
+		$request = new WP_REST_Request( 'PUT', sprintf( '/__experimental/menu-items/%d', $this->menu_item_id ) );
+		$request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
+		$title  = 'Some \\\'title';
+		$params = $this->set_menu_item_data(
+			array(
+				'title' => $title,
+			)
+		);
+		$request->set_body_params( $params );
+		$response = rest_get_server()->dispatch( $request );
+		$new_data = $response->get_data();
+		$this->assertEquals( $params['title'], $new_data['title']['raw'] );
+	}
 }