id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
17689	Terms should not be sanitized inside term_exists()	blepoxp		"When adding a term to a post, the title of the term is sent through term_exists(). If term_exists finds and returns the ID of an existing term for the passed taxonomy, that ID is added to the post object. If no term is found, it returns false and a new term is created for that taxonomy with the same title that was passed to term_exists().

The problem is that term_exists() uses sanitize_title($term) on line 1457 of wp-includes/taxonomy.php while wp_insert_term uses stripslashes($name) on line 1985 of the same file.

This doesn't cause a problem in many circumstances, but if the term title happens to be something like $$$, that means it will always be added correctly in wp_insert_term() but never found as existing in term_exists(). The result is that every time you add $$$$ to another post it gets added as a new term with a unique slug so that you have  several terms with the title $$$$ for the same taxonomy but different IDs. 

The attached patch corrects that by passing the term title through stripslashes in term_exists() rather than through sanitize_title().

I haven't found any undesired side effects in testing."	defect (bug)	new	normal	3.6	Taxonomy	3.2	normal		has-patch needs-unit-tests	scribu webord.net@… moraleida.me