Changeset 5652


Timestamp:
06/05/2007 12:57:23 AM (15 years ago)
Author:
ryan
Message:

Term sanitization. See #4189.

Location:
trunk/wp-includes
Files:
2 edited

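--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -3,4 +3,5 @@
 // Some default filters
 add_filter('bloginfo','wp_specialchars');
+add_filter('term_description', 'wptexturize');
 add_filter('category_description', 'wptexturize');
 add_filter('list_cats', 'wptexturize');
@@ -52,4 +53,11 @@
 
 add_filter('comment_excerpt', 'convert_chars');
+
+// Terms
+add_filter('pre_term_name', 'strip_tags');
+add_filter('pre_term_name', 'trim');
+add_filter('pre_term_name', 'wp_filter_kses');
+add_filter('pre_term_name', 'wp_specialchars', 30);
+add_filter('pre_term_description', 'wp_filter_kses');
 
 // Categories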
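Review bot: The pre_term_name stack at new lines 57–60 registers wp_specialchars at priority 30 while strip_tags, trim and wp_filter_kses use the default priority, and nothing in the hunk says why the order matters; a later edit that drops the `30` would silently change what kses sees. A one-line comment above the block would pin it, e.g. `// wp_specialchars runs last (priority 30) so strip_tags and kses operate on the unescaped markup.` That rationale is inferred from the priorities, not stated anywhere on the page, so confirm it before committing the wording. The asymmetry with pre_term_description (kses only, no trim or strip_tags) looks intentional but would also benefit from a short note.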
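--- a/trunk/wp-includes/taxonomy.php
+++ b/trunk/wp-includes/taxonomy.php
@@ -68,8 +68,7 @@
     $defaults = array( 'alias_of' => '', 'description' => '', 'parent' => 0, 'slug' => '');
     $args = wp_parse_args($args, $defaults);
+    $args['name'] = $term;
+    $args = sanitize_term($args, $taxonomy, 'db');
     extract($args);
-
-    $name = $term;
-    $parent = (int) $parent;
 
     if ( empty($slug) )
@@ -206,4 +205,6 @@
     $term = get_term ($term_id, $taxonomy, ARRAY_A);
 
+    $term = sanitize_term($term, $taxonomy, 'db');
+
     // Escape data pulled from DB.
     $term = add_magic_quotes($term);
@@ -223,5 +224,4 @@
         $slug = sanitize_title($slug);
 
-    $term_group = 0;   
     if ( $alias_of ) {
         $alias = $wpdb->fetch_row("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$alias_of'");
@@ -231,5 +231,5 @@
         } else {
             // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
-            $term_group = $wpdb->get_var("SELECT MAX() term_group FROM $wpdb->terms GROUP BY term_group") + 1;
+            $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
             $wpdb->query("UPDATE $wpdb->terms SET term_group = $term_group WHERE term_id = $alias->term_id");
         }
@@ -245,5 +245,5 @@
     $tt_id = $wpdb->get_var("SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.term_id = $term_id");
 
-    $wpdb->query("UPDATE $wpdb->term_taxonomy SET term_id = '$term_id', taxonomy = '$taxonomy', description = '$description', parent = '$parent', count = 0 WHERE term_taxonomy_id = '$tt_id'");
+    $wpdb->query("UPDATE $wpdb->term_taxonomy SET term_id = '$term_id', taxonomy = '$taxonomy', description = '$description', parent = '$parent' WHERE term_taxonomy_id = '$tt_id'");
 
     do_action("edit_term", $term_id, $tt_id);
@@ -709,4 +709,92 @@
 }
 
+function get_term_field( $field, $term, $taxonomy, $context = 'display' ) {
+    $term = (int) $term;
+    $term = get_term( $term, $taxonomy );
+
+    if ( !is_object($term) )
+        return '';
+
+    if ( !isset($term->$field) )
+        return '';
+
+    return sanitize_term_field($field, $term->$field, $term->term_id, $taxonomy, $context);
+}
+
+function get_term_to_edit( $id, $taxonomy ) {
+    $term = get_term( $id, $taxonomy );
+
+    if ( !is_object($term) )
+        return '';
+
+    return sanitize_term($term, $taxonomy, 'edit');
+}
+
+function sanitize_term($term, $taxonomy, $context = 'display') {
+    $fields = array('term_id', 'name', 'description', 'slug', 'count', 'term_group');
+
+    $do_object = false;
+    if ( is_object($term) )
+        $do_object = true;
+
+    foreach ( $fields as $field ) {
+        if ( $do_object )
+            $term->$field = sanitize_term_field($field, $term->$field, $term->term_id, $taxonomy, $context);
+        else
+            $term[$field] = sanitize_term_field($field, $term[$field], $term['term_id'], $taxonomy, $context); 
+    }
+
+    return $term;
+}
+
+function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
+    if ( 'parent' == $field  || 'term_id' == $field || 'count' == $field
+        || 'term_group' == $field )
+        $value = (int) $value;
+
+    if ( 'edit' == $context ) {
+        $value = apply_filters("edit_term_$field", $value, $term_id, $taxonomy);
+        $value = apply_filters("edit_${taxonomy}_$field", $value, $term_id);
+        if ( 'description' == $field )
+            $value = format_to_edit($value);
+        else
+            $value = attribute_escape($value);
+    } else if ( 'db' == $context ) {
+        $value = apply_filters("pre_term_$field", $value, $taxonomy);
+        $value = apply_filters("pre_${taxonomy}_$field", $value);   
+    } else {
+        // Use display filters by default.
+        $value = apply_filters("term_$field", $value, $term_id, $taxonomy, $context);
+        $value = apply_filters("${taxonomy}_$field", $value, $term_id, $context);
+    }
+
+    // TODO: attribute is usually done in an edit context, so display filters probably
+    // not appropriate.
+    if ( 'attribute' == $context )
+        $value = attribute_escape($value);
+    else if ( 'js' == $context )
+        $value = js_escape($value);
+
+    return $value;
+}
+
+//
+// Cache
+//
+
+function clean_term_cache($ids, $taxonomy) {
+    if ( !is_array($ids) )
+        $ids = array($ids);
+
+    foreach ( $ids as $id ) {
+        wp_cache_delete($id, $taxonomy);
+    }
+
+    wp_cache_delete('all_ids', $taxonomy);
+    wp_cache_delete('get', $taxonomy);
+    delete_option("{$taxonomy}_children");
+    wp_cache_delete('get_terms', 'terms');
+}
+
 function update_term_cache($terms, $taxonomy = '') {
     foreach ( $terms as $term ) {
@@ -717,18 +805,4 @@
         wp_cache_add($term->term_id, $term, $term_taxonomy);
     }
-}
-
-function clean_term_cache($ids, $taxonomy) {
-    if ( !is_array($ids) )
-        $ids = array($ids);
-
-    foreach ( $ids as $id ) {
-        wp_cache_delete($id, $taxonomy);
-    }
-
-    wp_cache_delete('all_ids', $taxonomy);
-    wp_cache_delete('get', $taxonomy);
-    delete_option("{$taxonomy}_children");
-    wp_cache_delete('get_terms', 'terms');
 }
 
@@ -796,4 +870,8 @@
 }
 
+//
+// Private
+//
+
 function _get_term_hierarchy($taxonomy) {
     // TODO Make sure taxonomy is hierarchical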
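Review bot: wp_insert_term drops `$parent = (int) $parent;` (old line 73) in favour of sanitize_term(), but the `$fields` list in sanitize_term (new line 734) does not contain 'parent', so the int cast that sanitize_term_field applies to 'parent' (new line 753) is never reached on this path and `$parent` presumably reaches the INSERT further down as whatever the caller supplied. sanitize_term also reads `$term[$field]` and `$term['term_id']` for every listed field without an isset check, and `$args` in wp_insert_term only carries alias_of, description, parent, slug and name, so 'term_id', 'count' and 'term_group' raise undefined-index notices there and are written back as 0 before extract(). Suggest `$fields = array('term_id', 'name', 'description', 'slug', 'count', 'term_group', 'parent');` and, inside the loop, `if ( $do_object ? !isset($term->$field) : !isset($term[$field]) ) continue;` so absent fields are skipped instead of fabricated. The same missing-'parent' gap affects wp_update_term's hunk at new line 207, whose `parent = '$parent'` UPDATE at new line 247 then depends on where `$parent` comes from outside the shown lines; the bodies of wp_insert_term and wp_update_term both start and end outside these hunks.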