Changeset 39662 for trunk/src/wp-includes/class-wp-tax-query.php

Timestamp:

01/02/2017 07:38:07 PM (8 years ago)

Author:

boonebgorges

Message:

Don't double-escape terms payload in WP_Tax_Query::transform_query().

terms values are passed through sanitize_term_field() with the 'db'
flag, which add slashes. Because terms are subsequently run through
esc_sql(), these slashes must be removed. See [36348], which added
a similar step to sanitization in get_terms().

Props bcworkz.
Fixes #39315.

File:

• trunk/src/wp-includes/class-wp-tax-query.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-tax-query.php

@@ -624 +624 @@
                      * context is 'db'.
                      */
-                    $term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'";
+                    $clean_term = sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' );
+
+                    // Match sanitization in wp_insert_term().
+                    $clean_term = wp_unslash( $clean_term );
+
+                    $term = "'" . esc_sql( $clean_term ) . "'";
                 }