Make WordPress Core

Ticket #24354: 24354.diff

File 24354.diff, 503 bytes (added by ericmann, 11 years ago)

Escape category name before passing it to get_term_by().

  • wp-includes/category.php

     
    169169 * @return int 0, if failure and ID of category on success.
    170170 */
    171171function get_cat_ID( $cat_name ) {
     172        $cat_name = _wp_specialchars( $cat_name ); // get_term_by expects $cat_name to be escaped
    172173        $cat = get_term_by( 'name', $cat_name, 'category' );
    173174        if ( $cat )
    174175                return $cat->term_id;