WordPress.org

Make WordPress Core

Ticket #37276: 37276.diff

File 37276.diff, 674 bytes (added by elrae, 4 years ago)

Adds wp_unslash to mirror what we do when inserting the term

  • src/wp-includes/class-wp-tax-query.php

     
    623623                                         * matter because `sanitize_term_field()` ignores the $term_id param when the
    624624                                         * context is 'db'.
    625625                                         */
    626                                         $term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'";
     626                                        $term = "'" . esc_sql( wp_unslash ( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) ) . "'";
    627627                                }
    628628
    629629                                $terms = implode( ",", $query['terms'] );