Make WordPress Core

Changeset 37140


Ignore:
Timestamp:
03/30/2016 05:37:45 PM (9 years ago)
Author:
nbachiyski
Message:

Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters

The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 3.9 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9/src/wp-includes/taxonomy.php

    r27837 r37140  
    596596    $term_ids = array_map('intval', $term_ids );
    597597
    598     $taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
     598    $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    599599    $term_ids = "'" . implode( "', '", $term_ids ) . "'";
    600600
     
    13971397        $order = 'ASC';
    13981398
    1399     $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
     1399    $where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
    14001400    $inclusions = '';
    14011401    if ( ! empty( $include ) ) {
     
    22552255        $order = 'ASC';
    22562256
    2257     $taxonomies = "'" . implode("', '", $taxonomies) . "'";
     2257    $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
    22582258    $object_ids = implode(', ', $object_ids);
    22592259
Note: See TracChangeset for help on using the changeset viewer.