Make WordPress Core


Ignore:
Timestamp:
01/08/2024 10:42:49 PM (9 months ago)
Author:
SergeyBiryukov
Message:

Taxonomy: Check for empty term after DB sanitization in wp_insert_term().

When inserting a new term in the database, wp_insert_term() will check if the term is empty and return a corresponding error.

Afterwards the term is sanitized and inserted in the database. However, there is a chance the term is empty after the DB sanitization.

This commit adds a check for an empty term name after the term is sanitized, returning an error in that case.

Follow-up to [5726], [8393].

Props fgiannar, kraftbj.
Fixes #59995.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/taxonomy.php

    r57239 r57251  
    24352435    $parent      = (int) $args['parent'];
    24362436
     2437    // Sanitization could clean the name to an empty string that must be checked again.
     2438    if ( '' === $name ) {
     2439        return new WP_Error( 'invalid_term_name', __( 'Invalid term name.' ) );
     2440    }
     2441
    24372442    $slug_provided = ! empty( $args['slug'] );
    24382443    if ( ! $slug_provided ) {
Note: See TracChangeset for help on using the changeset viewer.