Make WordPress Core

Changeset 37138


Ignore:
Timestamp:
03/30/2016 05:31:58 PM (9 years ago)
Author:
nbachiyski
Message:

Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters

The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.1 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.1/src/wp-includes/taxonomy.php

    r31476 r37138  
    594594    $term_ids = array_map('intval', $term_ids );
    595595
    596     $taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
     596    $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    597597    $term_ids = "'" . implode( "', '", $term_ids ) . "'";
    598598
     
    17361736    }
    17371737
    1738     $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
     1738    $where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
    17391739
    17401740    $exclude = $args['exclude'];
     
    26392639        $order = 'ASC';
    26402640
    2641     $taxonomies = "'" . implode("', '", $taxonomies) . "'";
     2641    $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    26422642    $object_ids = implode(', ', $object_ids);
    26432643
Note: See TracChangeset for help on using the changeset viewer.