Ticket #16101: sanitize-numeric-term-fields.patch
File sanitize-numeric-term-fields.patch, 1.4 KB (added by , 14 years ago) |
taxonomy.php
1387 1387 $select = "SELECT term_id FROM $wpdb->terms as t WHERE "; 1388 1388 $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE "; 1389 1389 1390 if ( is_ int($term) ) {1390 if ( is_numeric($term) ) { 1391 1391 if ( 0 == $term ) 1392 1392 return 0; 1393 1393 $where = 't.term_id = %d'; … … 1452 1452 */ 1453 1453 function sanitize_term($term, $taxonomy, $context = 'display') { 1454 1454 1455 if ( 'raw' == $context ) 1456 return $term; 1455 $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group', 'term_taxonomy_id'); 1457 1456 1458 $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');1459 1460 1457 $do_object = false; 1461 1458 if ( is_object($term) ) 1462 1459 $do_object = true; … … 1508 1505 * @return mixed sanitized field 1509 1506 */ 1510 1507 function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) { 1511 if ( 'parent' == $field || 'term_id' == $field || 'count' == $field || 'term_group' == $field ) { 1512 $value = (int) $value; 1513 if ( $value < 0 ) 1514 $value = 0; 1508 // Make sure all numeric fields are integers 1509 if ( in_array($field, array( 'parent', 'term_id', 'count', 'term_group', 'term_taxonomy_id'))) { 1510 $value = max((int) $value, 0); 1515 1511 } 1516 1512 1517 1513 if ( 'raw' == $context )
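Review bot: At line 1390, `is_numeric($term)` sends every numeric string down the `t.term_id = %d` branch, so a term whose name or slug is itself a number (a tag called "2010", for instance) would be matched as an ID and may resolve to an unrelated term. `is_numeric` also accepts values such as "1e3" or "12.5", which `%d` coerces to an integer the caller may not expect. Keeping `if ( is_int($term) ) {` and having callers cast known IDs with `(int)` before the call avoids that ambiguity, and a comment such as `// Only real integers are IDs; numeric strings are treated as names/slugs` would document the intent. The enclosing function begins and ends outside this hunk, so the non-ID branch is assumed rather than seen. In `sanitize_term_field`, the new `in_array()` call would be tighter with `true` as its third argument, since loose comparison can match a non-string `$field` on older PHP versions.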