Timestamp:
05/05/2015 11:13:51 AM (10 years ago)
Author:
boonebgorges
Message:

Improve sanitization of 'name' param in get_terms().

Values of 'name' that contain a character that is encoded on insert - like an
ampersand, which is HTML-encoded in the database - will only match if they go
through the same sanitize_term_field() routine.

Fixes #32248.

File:
1 edited

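--- a/trunk/tests/phpunit/tests/term/getTerms.php
+++ b/trunk/tests/phpunit/tests/term/getTerms.php
@@ -539,4 +539,32 @@
 
         $this->assertEqualSets( array( $t3, $t1 ), $found );
+    }
+
+    /**
+     * @ticket 32248
+     */
+    public function test_name_should_match_encoded_html_entities() {
+        register_taxonomy( 'wptests_tax', 'post' );
+
+        $t = $this->factory->term->create( array(
+            'taxonomy' => 'wptests_tax',
+            'name' => 'Foo & Bar',
+            'slug' => 'foo-and-bar',
+        ) );
+
+        $found = get_terms( 'wptests_tax', array(
+            'hide_empty' => false,
+            'fields' => 'ids',
+            'name' => 'Foo & Bar',
+        ) );
+        $this->assertEqualSets( array( $t ), $found );
+
+        // array format.
+        $found = get_terms( 'wptests_tax', array(
+            'hide_empty' => false,
+            'fields' => 'ids',
+            'name' => array( 'Foo & Bar' ),
+        ) );
+        $this->assertEqualSets( array( $t ), $found );
     }
 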
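Review bot: test_name_should_match_encoded_html_entities() asserts only positive matches for a single ampersand, so it would keep passing if the 'name' sanitization ever matched more terms than the one requested. A negative case in the same method would pin that down, for example `$this->assertEqualSets( array(), get_terms( 'wptests_tax', array( 'hide_empty' => false, 'fields' => 'ids', 'name' => 'Foo Bar' ) ) );`. The commit message speaks of db-encoded characters in general, so a second term whose name contains another character that is encoded on insert (a quote or an angle bracket, if those are encoded the same way) would show the fix is not ampersand-specific. The get_terms() change itself is not part of this file section, so which characters it covers is inferred from the message only. The docblock carries just `@ticket 32248`; a one-line summary such as `Names are stored HTML-encoded, so the 'name' arg must be sanitized the same way before matching.` would tell the next reader why the test exists.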