WP_Customize_Manager::preserve_insert_changeset_post_content( array $data, array $postarr, array $unsanitized_postarr )

Preserve the initial JSON post_content passed to save into the post.

Description

This is needed to prevent KSES and other ‘content_save_pre’ filters from corrupting JSON data.

Note that WP_Customize_Manager::validate_setting_values() have already run on the setting values being serialized as JSON into the post content so it is pre-sanitized.

Also, the sanitization logic is re-run through the respective WP_Customize_Setting::sanitize() method when being read out of the changeset, via WP_Customize_Manager::post_value(), and this sanitized value will also be sent into WP_Customize_Setting::update() for persisting to the DB.

Multiple users can collaborate on a single changeset, where one user may have the unfiltered_html capability but another may not. A user with unfiltered_html may add a script tag to some field which needs to be kept intact even when another user updates the changeset to modify another field when they do not have unfiltered_html.

Parameters

$data

(array) (Required) An array of slashed and processed post data.

$postarr

(array) (Required) An array of sanitized (and slashed) but otherwise unmodified post data.

$unsanitized_postarr

(array) (Required) An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post().

Return

(array) Filtered post data.

Source

File: wp-includes/class-wp-customize-manager.php 

public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) {
		if (
			isset( $data['post_type'] ) &&
			isset( $unsanitized_postarr['post_content'] ) &&
			'customize_changeset' === $data['post_type'] ||
			(
				'revision' === $data['post_type'] &&
				! empty( $data['post_parent'] ) &&
				'customize_changeset' === get_post_type( $data['post_parent'] )
			)
		) {
			$data['post_content'] = $unsanitized_postarr['post_content'];
		}
		return $data;
	}

Uses

Uses Description
wp-includes/post.php: get_post_type()

Retrieves the post type of the current post or of a given post.

Changelog

Version Description
5.4.1 Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_customize_manager/preserve_insert_changeset_post_content