Make WordPress Core


Timestamp:
01/08/2024 10:42:49 PM (8 months ago)
Author:
SergeyBiryukov
Message:

Taxonomy: Check for empty term after DB sanitization in wp_insert_term().

When inserting a new term in the database, wp_insert_term() will check if the term is empty and return a corresponding error.

Afterwards the term is sanitized and inserted in the database. However, there is a chance the term is empty after the DB sanitization.

This commit adds a check for an empty term name after the term is sanitized, returning an error in that case.

Follow-up to [5726], [8393].

Props fgiannar, kraftbj.
Fixes #59995.

File:
1 edited

  • trunk/tests/phpunit/tests/term/wpInsertTerm.php

    r56548 r57251  
    896896    }
    897897
     898    /**
     899     * @ticket 59995
     900     */
     901    public function test_wp_insert_term_with_empty_name_after_db_sanitization() {
     902        $term = wp_insert_term(
     903            '<script>onclick=alert("hello")</script>',
     904            'post_tag'
     905        );
     906
     907        $this->assertWPError( $term );
     908        $this->assertSame( 'invalid_term_name', $term->get_error_code() );
     909    }
     910
    898911    /** Helpers */
    899912
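
Review bot: The new test at lines 901-909 asserts only on the returned `WP_Error` and its code, so it would still pass if a term row were written before the error is returned; add an assertion that no `post_tag` term exists for this input after the call. The single hard-coded `<script>onclick=alert("hello")</script>` string also covers only one way a name can end up empty after sanitization, so a data provider with a few more inputs that sanitize to an empty string would make the regression coverage less dependent on this one value. The docblock carries only `@ticket 59995`; a one-line description of the expected behaviour would make the intent clear without opening the ticket.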