Make WordPress Core


Ignore:
Timestamp:
11/05/2013 01:18:02 AM (11 years ago)
Author:
wonderboymusic
Message:

Cast proper fields to int when returning from wp_get_object_terms(). Add term_taxonomy_id and object_id to the list in sanitize_term() and sanitize_term_field().

Fixes #17646. Adds unit tests.
Props simonwheatley, dd32, kovshenin.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/taxonomy.php

    r25948 r26010  
    16591659function sanitize_term($term, $taxonomy, $context = 'display') {
    16601660
    1661     if ( 'raw' == $context )
    1662         return $term;
    1663 
    1664     $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');
    1665 
    1666     $do_object = false;
    1667     if ( is_object($term) )
    1668         $do_object = true;
     1661    $fields = array( 'term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group', 'term_taxonomy_id', 'object_id' );
     1662
     1663    $do_object = is_object( $term );
    16691664
    16701665    $term_id = $do_object ? $term->term_id : (isset($term['term_id']) ? $term['term_id'] : 0);
     
    17151710 */
    17161711function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
    1717     if ( 'parent' == $field  || 'term_id' == $field || 'count' == $field || 'term_group' == $field ) {
    1718         $value = (int) $value;
    1719         if ( $value < 0 )
    1720             $value = 0;
    1721     }
     1712    $int_fields = array( 'parent', 'term_id', 'count', 'term_group', 'term_taxonomy_id', 'object_id' );
     1713    if ( in_array( $field, $int_fields ) )
     1714        $value = absint( $value );
    17221715
    17231716    if ( 'raw' == $context )
     
    20502043
    20512044    if ( 'all' == $fields || 'all_with_object_id' == $fields ) {
    2052         $terms = array_merge($terms, $wpdb->get_results($query));
    2053         update_term_cache($terms);
     2045        $_terms = $wpdb->get_results( $query );
     2046        foreach ( $_terms as &$term )
     2047            $term = sanitize_term( $term, $taxonomy, 'raw' );
     2048        $terms = array_merge( $terms, $_terms );
     2049        update_term_cache( $terms );
    20542050    } else if ( 'ids' == $fields || 'names' == $fields || 'slugs' == $fields ) {
    2055         $terms = array_merge($terms, $wpdb->get_col($query));
     2051        $_terms = $wpdb->get_col( $query );
     2052        $_field = ( 'ids' == $fields ) ? 'term_id' : 'name';
     2053        foreach ( $_terms as &$term )
     2054            $term = sanitize_term_field( $_field, $term, $term, $taxonomy, 'raw' );
     2055        $terms = array_merge( $terms, $_terms );
    20562056    } else if ( 'tt_ids' == $fields ) {
    20572057        $terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id IN ($object_ids) AND tt.taxonomy IN ($taxonomies) $orderby $order");
     2058        foreach ( $terms as &$tt_id )
     2059            $tt_id = sanitize_term_field( 'term_taxonomy_id', $tt_id, 0, $taxonomy, 'raw' ); // 0 should be the term id, however is not needed when using raw context.
    20582060    }
    20592061
Note: See TracChangeset for help on using the changeset viewer.