From 603abd463ee1723de4d684d77527e5f9132be418 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 15 May 2009 21:27:39 +0000
Subject: [PATCH] Escape posts passed as objects. Props Denis-de-Bernardy. fixes #9727

git-svn-id: http://svn.automattic.com/wordpress/trunk@11344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/post.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wp-includes/post.php b/wp-includes/post.php
index a25afaad2c..5c44e6a692 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1611,12 +1611,15 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
  *
  * @since 1.0.0
  *
- * @param array|object $postarr Post data.
+ * @param array|object $postarr Post data. Arrays are expected to be escaped, objects are not.
  * @return int 0 on failure, Post ID on success.
  */
 function wp_update_post($postarr = array()) {
-	if ( is_object($postarr) )
+	if ( is_object($postarr) ) {
+		// non-escaped post was passed
 		$postarr = get_object_vars($postarr);
+		$postarr = add_magic_quotes($postarr);
+	}
 
 	// First, get all of the original fields
 	$post = wp_get_single_post($postarr['ID'], ARRAY_A);
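Review bot: The escaping decision in the new `is_object($postarr)` branch of `wp_update_post` is keyed only on the argument's PHP type, so the same post data is slashed or left alone depending on whether the caller passed an object or an array, and nothing on the array path checks that the caller really did escape it. Any existing caller that already slashed an object's fields before calling would now presumably be double-escaped and store stray backslashes, so object-passing callers are worth auditing alongside this change. The inline comment could state the contract rather than the symptom, e.g. `// Objects are treated as raw data and slashed here; arrays must arrive already slashed.` The function body continues past the end of the hunk, so how the slashed values are consumed afterwards is not visible here.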