Make WordPress Core


Ignore:
Timestamp:
03/30/2016 05:35:35 PM (8 years ago)
Author:
nbachiyski
Message:

Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters

The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 4.0 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0/src/wp-includes/taxonomy.php

    r29549 r37139  
    598598    $term_ids = array_map('intval', $term_ids );
    599599
    600     $taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
     600    $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    601601    $term_ids = "'" . implode( "', '", $term_ids ) . "'";
    602602
     
    13901390    }
    13911391
    1392     $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
     1392    $where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
    13931393
    13941394    $exclude = $args['exclude'];
     
    22782278        $order = 'ASC';
    22792279
    2280     $taxonomies = "'" . implode("', '", $taxonomies) . "'";
     2280    $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    22812281    $object_ids = implode(', ', $object_ids);
    22822282
Note: See TracChangeset for help on using the changeset viewer.