Updating a post without escaping ampersands?

That is correct, the updating in the Admin section does not change the & to & while the wp_update_post() function (which can be found under /wp-includes/post.php on line 3772) does but only when the user does not have the capability unfiltered_html, let me explain how I found this out, and what I recommend.

I did some tracing into this and found out that wp_update_post() calls wp_insert_post() internally as shown on line 3820

return wp_insert_post( $postarr, $wp_error );

wp_insert_post() calls sanitize_post() on line 3227

$postarr = sanitize_post( $postarr, 'db' );

Then on line 2176, this filter changes the & to &

$value = apply_filters( "{$field_no_prefix}_save_pre", $value );

In particular there is a filter called content_save_pre or in my case title_save_pre since I am facing the same issue with the title.

Now, onto the Admin page which uses /wp-admin/post.php

You can see the actual save is on line 205

$post_id = edit_post();

And edit_post() function can be found under /wp-admin/includes/post.php on line 208

function edit_post( $post_data = null ) {

The actual update is being done on line 382

$success = wp_update_post( $post_data );

Which shows that WordPress uses the same wp_update_post() function internally.

Turns out that there is a filter named ‘wp_filter_kses’ which is not being used by WordPress Admin that is making all the difference. Although you can remove it by using:

remove_filter('content_save_pre', 'wp_filter_kses');

or in my case

remove_filter('title_save_pre', 'wp_filter_kses');

Or as @rinogo mentioned, you can use kses_remove_filters() to remove all kses filters.

However, these filters are set by /wp-includes/kses.php on line 1934 after it checks if the user has the capability of “unfiltered_html”

    if ( ! current_user_can( 'unfiltered_html' ) ) {
    kses_init_filters();
    }

If kses_init_filters() gets called, then the user who is trying to update the post is not trusted enough and does not have the proper capability.

I would recommend that authentication gets handled properly rather than removing the filters.

Related Posts:

  1. Connection lost. Saving has been disabled… (Updating Posts/Pages)
  2. Post/Page Publish/Update button not clickable once I make an edit
  3. How to batch update post content with custom post meta value
  4. Update post date on every new comment?
  5. Mass Update lines of code for all posts
  6. Unable to modify(update) posts – Page not found
  7. How do I batch create revisions of all posts?
  8. When I re-save a post with [code] sections, the entities are double-escaped (> becomes > etc)
  9. custom post scheduler for drafts
  10. If modified on same day, show only time
  11. Updating post data on save (save_post vs wp_insert_post_data)
  12. wp_update_post creating revisions instead of updating the post
  13. Can’t update WordPress Page if post_content is Empty
  14. wordpress post not showing my “” text>?
  15. Bulk update published posts date randomly using wp-cli?
  16. Run a function when a custom post is update?
  17. wp_trash_post() duplicates post to trash
  18. Set a post expiration and delete a post when expirate
  19. Bulk Post update_post_meta
  20. Update Post with Modified Data
  21. How can I use wp_after_insert_post with $current_screen?
  22. How to get Images included in Post
  23. Accessing the post content with WP_Query
  24. Overview with latest edited posts and pages
  25. deleting terms programmatically
  26. Side by side blog posts that are tied together
  27. Don’t post or draft if post already exists
  28. posts_per_page doesnt work
  29. if I create ‘front-page.php’, then how do I link to post index?
  30. Will post_exists work for draft posts?
  31. How can I get a post field value using javascript?
  32. Check to see if post is live before displaying the content
  33. slideshow is not showing in a post call with ajax
  34. Ajax posts filter by date, comments, top views, top likes
  35. Copying and pasting emoji in a wordpress post
  36. How to automatically apply a category based on the post title?
  37. How to disable edit post option 12 hours after post publication for contributors?
  38. Get latest posts from WordPress site without header, menu and sidebar
  39. How can I schedule a PAGE to go live at a future date/time?
  40. Counter of posts ever posted – even deleted ones
  41. How to delete all the content of a wordpress site without deleting the Post and pages?
  42. Most liked page not displaying posts
  43. WordPress’ ALL post count info on its dashboard does not match phpMyAdmin’s ALL post count!
  44. Update a users role based on number of posts published
  45. Style Differently Edited Posts
  46. 404 on paginated blog pages
  47. Blog page pagination is not working after using the offset argument
  48. Search results posts_orderby and ID
  49. WordPress Automatic Filename Changer
  50. How to add tags (custom taxonomy) to post class css?
  51. How to save meta checkbox WordPress
  52. Sidebar show posts by current category also in single post
  53. Category Redirects to homepage [closed]
  54. SQL Command for restoring trashed comments
  55. Displaying post excerpt using wpdb query
  56. Loop don’t work within single.php page
  57. How to display Changing post link for 24 hours in x category
  58. Upload attachment from external site
  59. WordPress.com post editor replacement
  60. Custom permalink for each post
  61. Related Posts: Changing Function For Posts Per Page
  62. Import custom database into wp and keep the post id
  63. Retrieve a specific post’s featured image and show on a different page
  64. How to split authors?
  65. Display Related Posts by Category in Random
  66. WordPress wp_editor to post and edit
  67. How to display Post title By ID and its Thumb Contents
  68. Jumbled writing under a post
  69. Is there a way to define the $post var outside the loop?
  70. How do I keep raw HTML in my RSS feed and not lose my paragraph breaks?
  71. After updating to 5.9, when the posts page is loaded in the browser it uses wp-includes/template-canvas.php?
  72. Show only posts with titles/permalinks that do not contain certain words
  73. Featured Images most often doesnt appear
  74. index.php not getting blog posts anymore
  75. Why is WordPress showing a blank excerpt for just one of my posts?
  76. Is there a way to know when a page has been updated and do some action only once?
  77. Reuse old post ID for new post after deleting post
  78. Contact Form 7 Shortcode not recognized inside another shortcode
  79. WordPress Pods Custom Post Type – separate Media Upload folder for each custom Post Types
  80. Put page on Archived statut after end of publication date
  81. Blog Post slider not working
  82. Display new posts categories in separated divs
  83. Point to a page when there is no results
  84. Remove All in One Seo from Posts for Contributors
  85. Add row after three columns
  86. update post category in a new table on frequent change of category
  87. Edit Posts Page but not category specific pages?
  88. Show posts between two Custom Fields date
  89. How to display an icon when a new post is published and then remove it when a specific time past?
  90. How can add metabox for post of specific category before save post and after save post [duplicate]
  91. Posts page template: How can I edit the markup for this?
  92. How to store post rating system data post independent?
  93. Displaying different posts Via wp_list_categories()
  94. Which hooks are essential for post templates?
  95. Should new posts already have tags?
  96. Post UI Tabs plugin double fade effect
  97. Error 404 blog/page/2/
  98. WordPress limit post that subscriber can create
  99. website images getting corrupt automatically
  100. Posts Page in WordPress loading bare HTML of my homepage

Leave a Comment