Make WordPress Core


Ignore:
Timestamp:
01/02/2017 07:38:07 PM (7 years ago)
Author:
boonebgorges
Message:

Don't double-escape terms payload in WP_Tax_Query::transform_query().

terms values are passed through sanitize_term_field() with the 'db'
flag, which add slashes. Because terms are subsequently run through
esc_sql(), these slashes must be removed. See [36348], which added
a similar step to sanitization in get_terms().

Props bcworkz.
Fixes #39315.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-tax-query.php

    r38768 r39662  
    624624                     * context is 'db'.
    625625                     */
    626                     $term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'";
     626                    $clean_term = sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' );
     627
     628                    // Match sanitization in wp_insert_term().
     629                    $clean_term = wp_unslash( $clean_term );
     630
     631                    $term = "'" . esc_sql( $clean_term ) . "'";
    627632                }
    628633
Note: See TracChangeset for help on using the changeset viewer.