Index: src/wp-includes/post.php
===================================================================
--- src/wp-includes/post.php	(revision 32024)
+++ src/wp-includes/post.php	(working copy)
@@ -3106,12 +3106,14 @@
 
 	unset( $postarr[ 'filter' ] );
 
+    if( ! empty( $postarr['guid'] ) )
+        $guid = esc_url_raw( $postarr['guid'] );
+
 	$postarr = sanitize_post($postarr, 'db');
 
 	// Are we updating or creating?
 	$post_ID = 0;
 	$update = false;
-	$guid = $postarr['guid'];
 
 	if ( ! empty( $postarr['ID'] ) ) {
 		$update = true;
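Review bot: `$guid` is left unassigned when the caller passes no `guid` (or an empty one) and the post is new, because the unconditional `$guid = $postarr['guid'];` is removed and the replacement at the top of the hunk sits behind `! empty()`. Only the update branch in the next hunk reassigns it, so any later use of `$guid` on the create path (not visible here) would read an undefined variable. Assign it in both cases, for example `$guid = ! empty( $postarr['guid'] ) ? esc_url_raw( $postarr['guid'] ) : '';`. The added lines are also indented with spaces and omit braces, unlike the tab-indented code around them. The function body starts and ends outside this hunk.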
@@ -3126,8 +3128,8 @@
 			return 0;
 		}
 
-		$guid = get_post_field( 'guid', $post_ID );
-		$previous_status = get_post_field('post_status', $post_ID );
+		$guid = get_post_field( 'guid', $post_ID, 'raw' );
+		$previous_status = get_post_field( 'post_status', $post_ID, 'raw' );
 	} else {
 		$previous_status = 'new';
 	}
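Review bot: The new `'raw'` argument on the two `get_post_field()` calls has no comment explaining it, and the reason is not obvious at the call site. These values appear to be compared and stored rather than printed, so the default context (which I believe applies display filters) is the wrong one. A comment such as `// Read the stored value unfiltered: it is saved back to the database, not output.` would keep a later cleanup from dropping the argument. The same applies to the `post_name` comparison and the `$current_guid` read in the following two hunks. Because the raw context returns the value as stored, any code that later prints `$guid` or `$current_guid` must escape it at the point of output.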
@@ -3209,7 +3211,7 @@
 	} else {
 		// On updates, we need to check to see if it's using the old, fixed sanitization context.
 		$check_name = sanitize_title( $post_name, '', 'old-save' );
-		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {
+		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) {
 			$post_name = $check_name;
 		} else { // new post, or slug has changed.
 			$post_name = sanitize_title($post_name);
@@ -3430,7 +3432,7 @@
 		}
 	}
 
-	$current_guid = get_post_field( 'guid', $post_ID );
+	$current_guid = get_post_field( 'guid', $post_ID, 'raw' );
 
 	// Set GUID.
 	if ( ! $update && '' == $current_guid ) {
Index: tests/phpunit/tests/post.php
===================================================================
--- tests/phpunit/tests/post.php	(revision 32024)
+++ tests/phpunit/tests/post.php	(working copy)
@@ -1068,4 +1068,38 @@
 			$this->assertEquals( $value, $post->$field );
 		}
 	}
+
+
+    /**
+     * Tests 'guid' not properly escaped
+     * @ticket 24248
+     */
+    function test_wp_guid_escaped_properly() {
+
+        $guid = 'http://example.org/?p=77&test=blah';
+
+        //Insert new post with guid
+        $id = wp_insert_post( array(
+            'post_author' => $this->author_id,
+            'post_status' => 'new',
+            'post_content' => rand_str(),
+            'post_title' => rand_str(),
+            'guid' => $guid,
+        ) );
+        $post = get_post( $id );
+
+        $this->assertEquals( $guid, $post->guid );
+
+        //Update post
+        $id = wp_update_post( array(
+            'ID' => $id,
+            'post_status' => 'publish',
+            'post_content' => rand_str(),
+            'post_title' => rand_str(),
+        ) );
+        $post = get_post( $id );
+
+        $this->assertEquals( $guid, $post->guid );
+    }
+
 }
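Review bot: The test only exercises a well-formed `http://` guid, so it misses the two branches the patch introduces around `esc_url_raw()`: a post inserted with no `guid` key, and a guid that `esc_url_raw()` rejects. Add an insert without `guid` and assert that one is still generated, e.g. `$this->assertNotEmpty( get_post( $id )->guid );`. Add a second case whose guid uses a scheme outside the allowed list, to pin down what ends up stored. `assertSame()` would be a stricter check than `assertEquals()` for these string comparisons. The new method is also indented with spaces, while the surrounding file uses tabs.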
