Make WordPress Core


Timestamp: 01/19/2016 04:09:32 AM (10 years ago)
Author: boonebgorges
Message:

Don't double-escape the 'name' param in get_terms().

[32353] changed the way the 'name' param in get_terms() is sanitized, by
running it through sanitize_term_field( 'name' ) before performing the SQL
query. An unintentional side effect of this change was that the string is
double-escaped: once by wp_filter_kses(), and once by esc_sql(). The
double-escaping was causing 'name' queries to fail when the param contained
apostrophes or other escaped characters.

Fixes #35493.

File:
1 edited

  • trunk/src/wp-includes/taxonomy.php

    r36323 r36348  
    13551355        $names = (array) $args['name'];
    13561356        foreach ( $names as &$_name ) {
    1357             $_name = sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' );
     1357            // `sanitize_term_field()` returns slashed data.
     1358            $_name = stripslashes( sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' ) );
    13581359        }
    13591360
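Review bot: The new comment on line 1357 records that `sanitize_term_field()` returns slashed data, but not the assumption that makes line 1358 safe: after `stripslashes()` the value in `$_name` is unescaped, and the commit message relies on `esc_sql()` being applied to it afterwards, in code outside this hunk. I would extend the comment to say that the value is escaped again before it reaches the query, so a later refactor of that code does not leave raw names interpolated into SQL. Two smaller points: `wp_unslash()` is the usual core helper for removing slashes and would read more consistently than a bare `stripslashes()`, and since the changeset view lists only taxonomy.php as edited, a regression test that calls get_terms() with a 'name' containing an apostrophe would pin the behaviour described in the message.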