Index: src/wp-includes/post.php
===================================================================
--- src/wp-includes/post.php	(revision 35773)
+++ src/wp-includes/post.php	(working copy)
@@ -2916,8 +2916,12 @@
 		'context' => '',
 	);
 
-	$postarr = wp_parse_args($postarr, $defaults);
+	if ( ! empty( $postarr['guid'] ) ) {
+		$guid = esc_url_raw( $postarr['guid'] );
+	}
 
+	$postarr = wp_parse_args( $postarr, $defaults );
+
 	unset( $postarr[ 'filter' ] );
 
 	$postarr = sanitize_post($postarr, 'db');
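Review bot: `$guid` is assigned only inside `if ( ! empty( $postarr['guid'] ) )`, and the next hunk removes the unconditional `$guid = $postarr['guid'];`, so on the insert path with no guid supplied the variable is never defined in the lines shown. Initialise it before the check, or fold both into one line: `$guid = empty( $postarr['guid'] ) ? '' : esc_url_raw( $postarr['guid'] );`. `esc_url_raw()` also returns an empty string for a URL whose scheme is not allowed, so a rejected guid is silently treated as absent; a short comment saying that is intended would help. The function body starts and ends outside this hunk, so later uses of `$guid` cannot be checked from here.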
@@ -2925,7 +2929,6 @@
 	// Are we updating or creating?
 	$post_ID = 0;
 	$update = false;
-	$guid = $postarr['guid'];
 
 	if ( ! empty( $postarr['ID'] ) ) {
 		$update = true;
@@ -2940,8 +2943,8 @@
 			return 0;
 		}
 
-		$guid = get_post_field( 'guid', $post_ID );
-		$previous_status = get_post_field('post_status', $post_ID );
+		$guid = get_post_field( 'guid', $post_ID, 'raw' );
+		$previous_status = get_post_field( 'post_status', $post_ID, 'raw' );
 	} else {
 		$previous_status = 'new';
 	}
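Review bot: The switch to the `'raw'` context in `get_post_field( 'guid', $post_ID, 'raw' )` carries no comment explaining why, and the same applies to the `post_name` and `$current_guid` reads in the two later hunks. These values are compared with or written back to stored data, so they should not pass through the default display context. I would add `// Read the stored value unfiltered: the default 'display' context can return an escaped form that must not be saved back.` above the first call. On this update path the stored guid also replaces whatever the caller passed, so the `esc_url_raw()` result from the first hunk is discarded here. That is presumably intended, but worth stating in the same comment.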
@@ -3023,10 +3026,10 @@
 	} else {
 		// On updates, we need to check to see if it's using the old, fixed sanitization context.
 		$check_name = sanitize_title( $post_name, '', 'old-save' );
-		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {
+		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) {
 			$post_name = $check_name;
 		} else { // new post, or slug has changed.
-			$post_name = sanitize_title($post_name);
+			$post_name = sanitize_title( $post_name );
 		}
 	}
 
@@ -3262,7 +3265,7 @@
 		}
 	}
 
-	$current_guid = get_post_field( 'guid', $post_ID );
+	$current_guid = get_post_field( 'guid', $post_ID, 'raw' );
 
 	// Set GUID.
 	if ( ! $update && '' == $current_guid ) {
Index: tests/phpunit/tests/post.php
===================================================================
--- tests/phpunit/tests/post.php	(revision 35773)
+++ tests/phpunit/tests/post.php	(working copy)
@@ -1229,4 +1229,38 @@
 		$this->assertEquals(get_date_from_gmt($post['post_date_gmt']), $out->post_date);
 		$this->assertEquals($post['post_date_gmt'], $out->post_date_gmt);
 	}
+
+
+    /**
+     * Tests 'guid' not properly escaped
+     * @ticket 24248
+     */
+    function test_wp_guid_escaped_properly() {
+
+        $guid = 'http://example.org/?p=77&test=blah';
+
+        //Insert new post with guid
+        $id = wp_insert_post( array(
+            'post_author' => $this->author_id,
+            'post_status' => 'new',
+            'post_content' => rand_str(),
+            'post_title' => rand_str(),
+            'guid' => $guid,
+        ) );
+        $post = get_post( $id );
+
+        $this->assertEquals( $guid, $post->guid );
+
+        //Update post
+        $id = wp_update_post( array(
+            'ID' => $id,
+            'post_status' => 'publish',
+            'post_content' => rand_str(),
+            'post_title' => rand_str(),
+        ) );
+        $post = get_post( $id );
+
+        $this->assertEquals( $guid, $post->guid );
+    }
+
 }
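Review bot: The new test exercises only an allowed `http://` guid containing an ampersand, so it says nothing about what `esc_url_raw()` rejects, and it never inserts a post without a guid, which is the path where the patched function leaves `$guid` unassigned. I would add one case that omits `'guid'` and asserts the stored guid is non-empty, and one that passes a guid whose scheme `esc_url_raw()` does not allow and asserts it is not stored verbatim. The method also has no visibility keyword and is indented with spaces while the surrounding context lines use tabs; `public function test_wp_guid_escaped_properly() {` with tab indentation would match the file.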
