Context Navigation

← Previous Ticket
Next Ticket →

#16101 new defect (bug)

Numeric term fields are strings

Reported by:	foofy	Owned by:
Priority:	normal	Milestone:	Future Release
Component:	Taxonomy	Version:
Severity:	normal	Keywords:	has-patch dev-feedback
Cc:	foofy@…, ian_dunn@…

Description

The numeric fields (term_id, parent, etc.) on term objects are strings. I only noticed this because term_exists() uses is_int() to determine if the $term value is an ID or slug.

Only ticket I could find about this is #5381.

sanitize_term() should fix this, but it bails early in the "raw" context. sanitize_term_field() sanitizes the numeric fields in every context. I don't see a reason for sanitize_term() to bail early so I made a patch that takes that out. The patch also adds some missing fields to the list of those to be sanitized and changes term_exists() to use is_numeric() (which will correctly identify strings containing only numbers) instead of is_int().

Attachments (1)

sanitize-numeric-term-fields.patch (1.4 KB) - added by foofy 2 years ago.

Download all attachments as: .zip

Change History (7)

foofy — 2 years ago

Attachment sanitize-numeric-term-fields.patch added

comment:1 scribu — 2 years ago

From the PHP manual on is_numeric():

Finds whether the given variable is numeric. Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part. Thus +0123.45e6 is a valid numeric value. Hexadecimal notation (0xFF) is allowed too but only without sign, decimal and exponential part.

This could cause subtle bugs.

comment:2 foofy — 2 years ago

Cc foofy@… added

I think it would be fine to leave that as is_int() since the problem goes away if the term objects are properly sanitized.

comment:3 follow-up: ↓ 4 mdawaffe — 2 years ago

Keywords dev-feedback added
Milestone changed from Awaiting Review to Future Release

Can use ctype_digit( $term ) without making changes to sanitize_term*().

Casting everything to (int) could change the output of XML-RPC requests which can break clients, so we need to be super careful there.

comment:4 in reply to: ↑ 3 mdawaffe — 2 years ago

Replying to mdawaffe:

Can use ctype_digit( $term ) without making changes to sanitize_term*().

Nacin tells me some hosts disable Ctype, which is ridiculous (on the hosts' parts, not on Nacin's).

comment:5 iandunn — 3 months ago

Cc ian_dunn@… added
Keywords changed from has-patch dev-feedback to has-patch dev-feedback

This just bit me in the ass, because I took the term_id from get_terms() and passed it to get_term_link() as $term. get_term_link() assumed that $term was a slug because it failed is_int(), and since there's no term named "237", it returned a WP_Error().

It seems to me like casting the values to int in get_term*() is the proper fix, even if it requires patching/testing XML-RPC code. If there's a consensus behind that approach, I'll try to find time to write and test a new patch over the next couple weeks.

Last edited 3 months ago by iandunn (previous) (diff)

comment:6 SergeyBiryukov — 3 months ago

Related: #22324

Note: See TracTickets for help on using tickets.

Download in other formats: