Ticket #16101: sanitize-numeric-term-fields.patch

File sanitize-numeric-term-fields.patch, 1.4 KB (added by foofy, 3 years ago)
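--- a/taxonomy.php
+++ b/taxonomy.php
@@ -1387,7 +1387,7 @@
         $select = "SELECT term_id FROM $wpdb->terms as t WHERE ";
         $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE ";
 
-        if ( is_int($term) ) {
+        if ( is_numeric($term) ) {
                 if ( 0 == $term )
                         return 0;
                 $where = 't.term_id = %d';
@@ -1452,11 +1452,8 @@
  */
 function sanitize_term($term, $taxonomy, $context = 'display') {
 
-        if ( 'raw' == $context )
-                return $term;
+        $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group', 'term_taxonomy_id');
 
-        $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');
-
         $do_object = false;
         if ( is_object($term) )
                 $do_object = true;
@@ -1508,10 +1505,9 @@
  * @return mixed sanitized field
  */
 function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
-        if ( 'parent' == $field  || 'term_id' == $field || 'count' == $field || 'term_group' == $field ) {
-                $value = (int) $value;
-                if ( $value < 0 )
-                        $value = 0;
+        // Make sure all numeric fields are integers
+        if ( in_array($field, array( 'parent', 'term_id', 'count', 'term_group', 'term_taxonomy_id'))) {
+                $value = max((int) $value, 0);
         }
 
         if ( 'raw' == $context )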
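Review bot: Changing the first hunk's test from `is_int($term)` to `is_numeric($term)` routes every numeric-looking string — including a legitimately numeric slug such as `'2010'` — into the `t.term_id = %d` lookup, so a caller passing such a slug now gets an ID match (or no match) instead of the slug lookup it had before, and floats or strings like `'1e3'` are also accepted and then silently truncated or expanded by the `%d` cast. If the goal is only to accept integer-valued strings coming from request input, narrow the condition, e.g. `if ( is_int($term) || ( is_string($term) && ctype_digit($term) ) ) {`, and note in the docblock that numeric slugs are then unreachable through this path; otherwise keep `is_int()` and cast at the callers. The body of this function starts and ends outside the hunk, so the branch that non-numeric input falls into is inferred rather than visible. In the third hunk the new `in_array($field, array( ... ))` should pass `true` as its third argument so the field-name comparison is strict rather than loose.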