diff --git src/wp-includes/class-wp-tax-query.php src/wp-includes/class-wp-tax-query.php
index 9bff196f28..b46aede70a 100644
|
|
|
class WP_Tax_Query { |
| 623 | 623 | * matter because `sanitize_term_field()` ignores the $term_id param when the |
| 624 | 624 | * context is 'db'. |
| 625 | 625 | */ |
| 626 | | $term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'"; |
| | 626 | $clean_term = sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ); |
| | 627 | |
| | 628 | // Match sanitization in wp_insert_term(). |
| | 629 | $clean_term = wp_unslash( $clean_term ); |
| | 630 | |
| | 631 | $term = "'" . esc_sql( $clean_term ) . "'"; |
| 627 | 632 | } |
| 628 | 633 | |
| 629 | 634 | $terms = implode( ",", $query['terms'] ); |
diff --git tests/phpunit/tests/query/taxQuery.php tests/phpunit/tests/query/taxQuery.php
index 7582eb2e1a..34ed7fad1f 100644
|
|
|
class Tests_Query_TaxQuery extends WP_UnitTestCase { |
| 1380 | 1380 | |
| 1381 | 1381 | _unregister_taxonomy( 'foo' ); |
| 1382 | 1382 | } |
| | 1383 | |
| | 1384 | /** |
| | 1385 | * @ticket 39315 |
| | 1386 | */ |
| | 1387 | public function test_tax_terms_should_not_be_double_escaped() { |
| | 1388 | $name = "Don't worry be happy"; |
| | 1389 | |
| | 1390 | register_taxonomy( 'wptests_tax', 'post' ); |
| | 1391 | $t = self::factory()->term->create( array( |
| | 1392 | 'taxonomy' => 'wptests_tax', |
| | 1393 | 'name' => $name, |
| | 1394 | ) ); |
| | 1395 | |
| | 1396 | $p = self::factory()->post->create(); |
| | 1397 | wp_set_object_terms( $p, array( $t ), 'wptests_tax' ); |
| | 1398 | |
| | 1399 | $q = new WP_Query( array( |
| | 1400 | 'fields' => 'ids', |
| | 1401 | 'tax_query' => array( |
| | 1402 | array( |
| | 1403 | 'taxonomy' => 'wptests_tax', |
| | 1404 | 'field' => 'name', |
| | 1405 | 'terms' => $name, |
| | 1406 | ), |
| | 1407 | ), |
| | 1408 | ) ); |
| | 1409 | |
| | 1410 | $this->assertEqualSets( array( $p ), $q->posts ); |
| | 1411 | } |
| 1383 | 1412 | } |