Changeset 37142

Timestamp:

03/30/2016 05:42:44 PM (7 years ago)

Author:

nbachiyski

Message:

Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters

The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

Merge of [37133] to the 3.7 branch.

File:

• branches/3.7/src/wp-includes/taxonomy.php (modified) (3 diffs)

branches/3.7/src/wp-includes/taxonomy.php

@@ -588 +588 @@
     $term_ids = array_map('intval', $term_ids );
 
-    $taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
+    $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
     $term_ids = "'" . implode( "', '", $term_ids ) . "'";
 
@@ -1347 +1347 @@
         $order = 'ASC';
 
-    $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
+    $where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
     $inclusions = '';
     if ( ! empty( $include ) ) {
@@ -2030 +2030 @@
         $order = 'ASC';
 
-    $taxonomies = "'" . implode("', '", $taxonomies) . "'";
+    $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
     $object_ids = implode(', ', $object_ids);