
Changeset 31346


Timestamp:
02/06/2015 02:01:24 AM (10 years ago)
Author:
boonebgorges
Message:

Use field-specific sanitization in WP_Tax_Query::transform_query().

When terms are entered into the database, term fields are sanitized with
sanitize_term_field(). To ensure that the SELECT ... WHERE queries in
WP_Tax_Query::transform_query() are not broken by overzealous sanitization,
sanitize_term_field() should be used in that case as well. This fixes a bug
where a tax_query using 'field=name' would fail if the 'terms' parameter
contained characters (like spaces) that were improperly removed by
sanitize_title_for_query().

Fixes #27810.

Location:
trunk
Files:
2 edited

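--- a/trunk/src/wp-includes/taxonomy.php
+++ b/trunk/src/wp-includes/taxonomy.php
@@ -1227,5 +1227,15 @@
             case 'slug':
             case 'name':
-                $terms = "'" . implode( "','", array_map( 'sanitize_title_for_query', $query['terms'] ) ) . "'";
+                foreach ( $query['terms'] as &$term ) {
+                    /*
+                     * 0 is the $term_id parameter. We don't have a term ID yet, but it doesn't
+                     * matter because `sanitize_term_field()` ignores the $term_id param when the
+                     * context is 'db'.
+                     */
+                    $term = "'" . sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) . "'";
+                }
+
+                $terms = implode( ",", $query['terms'] );
+
                 $terms = $wpdb->get_col( "
                     SELECT $wpdb->term_taxonomy.$resulting_field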
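Review bot: The added line `$term = "'" . sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) . "'";` places each term between single quotes in the string that is then interpolated into the `$wpdb->get_col()` query, and nothing in this hunk SQL-escapes the value. The removed `sanitize_title_for_query` call stripped characters such as spaces (per the commit message), so its output was far more restricted; whether the 'db' context of `sanitize_term_field()` escapes quotes and backslashes is not visible here and should be confirmed rather than assumed. If it does not, wrap the call, `$term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'";`, and add a test with an apostrophe in the term name alongside the new spaces test. The by-reference loop also leaves `$term` bound to the last array element and rewrites `$query['terms']` in place, so `unset( $term );` after the `foreach` would be prudent; the enclosing method starts and ends outside the hunk.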
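--- a/trunk/tests/phpunit/tests/query/taxQuery.php
+++ b/trunk/tests/phpunit/tests/query/taxQuery.php
@@ -52,4 +52,34 @@
                     'taxonomy' => 'category',
                     'terms' => array( 'Foo' ),
+                    'field' => 'name',
+                ),
+            ),
+        ) );
+
+        $this->assertEquals( array( $p1 ), $q->posts );
+    }
+
+    /**
+     * @ticket 27810
+     */
+    public function test_field_name_should_work_for_names_with_spaces() {
+        register_taxonomy( 'wptests_tax', 'post' );
+
+        $t = $this->factory->term->create( array(
+            'taxonomy' => 'wptests_tax',
+            'slug' => 'foo',
+            'name' => 'Foo Bar',
+        ) );
+        $p1 = $this->factory->post->create();
+        $p2 = $this->factory->post->create();
+
+        wp_set_object_terms( $p1, $t, 'wptests_tax' );
+
+        $q = new WP_Query( array(
+            'fields' => 'ids',
+            'tax_query' => array(
+                array(
+                    'taxonomy' => 'wptests_tax',
+                    'terms' => array( 'Foo Bar' ),
                     'field' => 'name',
                 ),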