Changeset 36348


Timestamp:
01/19/2016 04:09:32 AM (4 years ago)
Author:
boonebgorges
Message:

Don't double-escape the 'name' param in get_terms().

[32353] changed the way the 'name' param in get_terms() is sanitized, by
running it through sanitize_term_field( 'name' ) before performing the SQL
query. An unintentional side effect of this change was that the string is
double-escaped: once by wp_filter_kses(), and once by esc_sql(). The
double-escaping was causing 'name' queries to fail when the param contained
apostrophes or other escaped characters.

Fixes #35493.

Location:
trunk
Files:
2 edited

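--- a/trunk/src/wp-includes/taxonomy.php
+++ b/trunk/src/wp-includes/taxonomy.php
@@ -1355,5 +1355,6 @@
         $names = (array) $args['name'];
         foreach ( $names as &$_name ) {
-            $_name = sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' );
+            // `sanitize_term_field()` returns slashed data.
+            $_name = stripslashes( sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' ) );
         }
 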
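Review bot: After the new `stripslashes()` call in the `foreach` body, `$_name` holds raw, unescaped text, so the query's safety rests entirely on the later escaping step, which is outside this hunk (the commit message names `esc_sql()`). The added comment says only that the helper returns slashed data; I would spell the dependency out, e.g. `// sanitize_term_field() returns slashed data; unslash here because the value is escaped again by esc_sql() before it reaches the query.` That way a later refactor of the query-building code cannot drop the escaping without someone noticing this line relies on it. As a style point, core's `wp_unslash()` helper would state the intent more directly than a bare `stripslashes()`.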
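--- a/trunk/tests/phpunit/tests/term/getTerms.php
+++ b/trunk/tests/phpunit/tests/term/getTerms.php
@@ -560,4 +560,30 @@
             'name' => array( 'Foo & Bar' ),
         ) );
+        $this->assertEqualSets( array( $t ), $found );
+    }
+
+    /**
+     * @ticket 35493
+     */
+    public function test_name_should_not_double_escape_apostrophes() {
+        register_taxonomy( 'wptests_tax', 'post' );
+
+        $name = "Foo'Bar";
+
+        $t = self::factory()->term->create( array(
+            'taxonomy' => 'wptests_tax',
+            'name' => $name,
+        ) );
+
+        $term = get_term( $t, 'wptests_tax' );
+
+        $this->assertSame( $name, $term->name );
+
+        $found = get_terms( 'wptests_tax', array(
+            'hide_empty' => false,
+            'fields' => 'ids',
+            'name' => $name,
+        ) );
+
         $this->assertEqualSets( array( $t ), $found );
     }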
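Review bot: `test_name_should_not_double_escape_apostrophes()` pins only the apostrophe case, while the commit message says the failure also affected "other escaped characters". A double quote and a literal backslash go through the same slash/unslash round trip. The backslash case is the one most likely to behave differently now that `stripslashes()` is applied to the sanitized value (inferred; the sanitizer's internals are not on this page). I would add sibling cases using `$name = 'Foo"Bar';` and `$name = 'Foo\\Bar';`, each with the same `get_term()` / `get_terms()` assertions, so a regression in either direction is caught.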