

Ticket #16101: sanitize-numeric-term-fields.patch

File sanitize-numeric-term-fields.patch, 1.4 KB (added by foofy, 7 years ago)
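--- a/taxonomy.php
+++ b/taxonomy.php
@@ -1387,7 +1387,7 @@
         $select = "SELECT term_id FROM $wpdb->terms as t WHERE ";
         $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE ";
 
-        if ( is_int($term) ) {
+        if ( is_numeric($term) ) {
                 if ( 0 == $term )
                         return 0;
                 $where = 't.term_id = %d';
@@ -1452,11 +1452,8 @@
  */
 function sanitize_term($term, $taxonomy, $context = 'display') {
 
-        if ( 'raw' == $context )
-                return $term;
+        $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group', 'term_taxonomy_id');
 
-        $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');
-
         $do_object = false;
         if ( is_object($term) )
                 $do_object = true;
@@ -1508,10 +1505,9 @@
  * @return mixed sanitized field
  */
 function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
-        if ( 'parent' == $field  || 'term_id' == $field || 'count' == $field || 'term_group' == $field ) {
-                $value = (int) $value;
-                if ( $value < 0 )
-                        $value = 0;
+        // Make sure all numeric fields are integers
+        if ( in_array($field, array( 'parent', 'term_id', 'count', 'term_group', 'term_taxonomy_id'))) {
+                $value = max((int) $value, 0);
         }
 
         if ( 'raw' == $context )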
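Review bot: `is_numeric($term)` on the new line 1390 widens the term_id branch from true integers to any numeric-looking value, so a name or slug passed as the string `"2010"` is now resolved by ID rather than by name/slug, and strings such as `"1e3"` or `" 7"` also take the `t.term_id = %d` path (presumably cast to int by the placeholder). If the intent is only to accept integer-typed input that arrived as a string, a narrower test such as `if ( is_int($term) || ( is_string($term) && ctype_digit($term) ) ) {` keeps the lookup predictable; either way the behaviour change for numeric slugs should be stated in the function's docblock. The enclosing function starts outside the hunk. In the third hunk, `in_array($field, array( ... ))` compares loosely — add `true` as the third argument so a non-string `$field` cannot match one of the integer field names.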