Terms should not be sanitized inside term_exists()
|Reported by:||blepoxp||Owned by:|
|Severity:||normal||Keywords:||has-patch needs-unit-tests 3.9-early|
|Cc:||scribu, webord.net@…, moraleida.me, jeremy.buller@…, dromsey@…|
When adding a term to a post, the title of the term is sent through term_exists(). If term_exists finds and returns the ID of an existing term for the passed taxonomy, that ID is added to the post object. If no term is found, it returns false and a new term is created for that taxonomy with the same title that was passed to term_exists().
The problem is that term_exists() uses sanitize_title($term) on line 1457 of wp-includes/taxonomy.php while wp_insert_term uses stripslashes($name) on line 1985 of the same file.
This doesn't cause a problem in many circumstances, but if the term title happens to be something like $$$, that means it will always be added correctly in wp_insert_term() but never found as existing in term_exists(). The result is that every time you add $$$$ to another post it gets added as a new term with a unique slug so that you have several terms with the title $$$$ for the same taxonomy but different IDs.
The attached patch corrects that by passing the term title through stripslashes in term_exists() rather than through sanitize_title().
I haven't found any undesired side effects in testing.
Change History (40)
- Keywords needs-refresh added
- Milestone changed from Future Release to 3.6
comment:17 nacin — 5 months ago
- Keywords 3.7-early added
- Milestone changed from 3.6 to Future Release
- Priority changed from normal to high
comment:27 wonderboymusic — 13 days ago
- Keywords 3.9-early added; 3.7-early removed
- Milestone changed from 3.8 to Future Release