Index: src/wp-includes/post.php
===================================================================
--- src/wp-includes/post.php	(revision 37676)
+++ src/wp-includes/post.php	(working copy)
@@ -3039,8 +3039,12 @@
 		'context' => '',
 	);
 
-	$postarr = wp_parse_args($postarr, $defaults);
+	if ( ! empty( $postarr['guid'] ) ) {
+		$guid = esc_url_raw( $postarr['guid'] );
+	}
 
+	$postarr = wp_parse_args( $postarr, $defaults );
+
 	unset( $postarr[ 'filter' ] );
 
 	$postarr = sanitize_post($postarr, 'db');
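Review bot: `$guid` is now assigned only inside the `! empty( $postarr['guid'] )` branch, and the next hunk removes the unconditional `$guid = $postarr['guid'];`, so a new post inserted without a guid leaves `$guid` undefined for any later code in this function that reads it (that code is outside the hunk). Initialise it on both paths, e.g. `$guid = empty( $postarr['guid'] ) ? '' : esc_url_raw( $postarr['guid'] );`. The read also happens before `wp_parse_args()` now, so if callers may pass an object rather than an array, the access should move below that call or be guarded with `is_array()`. It is also worth a comment that `esc_url_raw()` returns an empty string for a URL whose scheme is not allowed, so such a guid is dropped silently.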
@@ -3048,7 +3052,6 @@
 	// Are we updating or creating?
 	$post_ID = 0;
 	$update = false;
-	$guid = $postarr['guid'];
 
 	if ( ! empty( $postarr['ID'] ) ) {
 		$update = true;
@@ -3063,8 +3066,8 @@
 			return 0;
 		}
 
-		$guid = get_post_field( 'guid', $post_ID );
-		$previous_status = get_post_field('post_status', $post_ID );
+		$guid = get_post_field( 'guid', $post_ID, 'raw' );
+		$previous_status = get_post_field( 'post_status', $post_ID, 'raw' );
 	} else {
 		$previous_status = 'new';
 	}
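Review bot: The new `'raw'` argument on the two `get_post_field()` calls has no comment saying why it is needed, and a later cleanup could easily drop it. The default context is `'display'`, which returns an escaped value, and that escaped value appears to be what gets saved again on update (the write is outside this hunk). I would add above the first call: `// Read the stored values unfiltered: the default 'display' context escapes them, and the escaped form must not be written back.` The same applies to the `'raw'` calls in the `@@ -3149` and `@@ -3410` hunks. The enclosing function starts and ends outside this hunk.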
@@ -3149,10 +3152,10 @@
 	} else {
 		// On updates, we need to check to see if it's using the old, fixed sanitization context.
 		$check_name = sanitize_title( $post_name, '', 'old-save' );
-		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID ) == $check_name ) {
+		if ( $update && strtolower( urlencode( $post_name ) ) == $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) == $check_name ) {
 			$post_name = $check_name;
 		} else { // new post, or slug has changed.
-			$post_name = sanitize_title($post_name);
+			$post_name = sanitize_title( $post_name );
 		}
 	}
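Review bot: The condition rewritten here still compares slugs with `==`, which compares two numeric-looking strings as numbers, so `'1e3'` and `'1000'` count as equal. Since the line is being touched anyway, strict comparison would make the old-save check exact: `strtolower( urlencode( $post_name ) ) === $check_name && get_post_field( 'post_name', $post_ID, 'raw' ) === $check_name`. This assumes `get_post_field()` returns a string on this path, which should be confirmed before switching.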
 
@@ -3410,7 +3413,7 @@
 		}
 	}
 
-	$current_guid = get_post_field( 'guid', $post_ID );
+	$current_guid = get_post_field( 'guid', $post_ID, 'raw' );
 
 	// Set GUID.
 	if ( ! $update && '' == $current_guid ) {
Index: tests/phpunit/tests/post.php
===================================================================
--- tests/phpunit/tests/post.php	(revision 37676)
+++ tests/phpunit/tests/post.php	(working copy)
@@ -1258,4 +1258,33 @@
 		$this->assertEquals( 0, get_post( $page_id )->post_parent );
 	}
 
+	/**
+ 	 * Tests 'guid' not properly escaped
+ 	 * @ticket 24248
+ 	 */
+	function test_wp_guid_escaped_properly() {
+		$guid = 'http://example.org/?p=77&test=blah';
+		//Insert new post with guid
+		$id = wp_insert_post( array(
+			'post_author' => $this->author_id,
+			'post_status' => 'new',
+			'post_content' => rand_str(),
+			'post_title' => rand_str(),
+			'guid' => $guid,
+		) );
+		$post = get_post( $id );
+
+		$this->assertEquals( $guid, $post->guid );
+
+		//Update post
+		$id = wp_update_post( array(
+			'ID' => $id,
+			'post_status' => 'publish',
+			'post_content' => rand_str(),
+			'post_title' => rand_str(),
+		) );
+		$post = get_post( $id );
+
+		$this->assertEquals( $guid, $post->guid );
+	}
 }
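Review bot: The new test only covers a caller-supplied guid, so it never runs the path where `wp_insert_post()` is called without one, which is the path the `$guid` change in `src/wp-includes/post.php` alters. A second test should insert a post with no `'guid'` key, assert that a guid was generated, and assert that it is unchanged after `wp_update_post()`. `assertSame()` would also be preferable to `assertEquals()` in the existing assertions, so an escaped or type-juggled value cannot pass.

```php
	/**
	 * A post inserted without a 'guid' gets a generated one that survives an update.
	 * @ticket 24248
	 */
	function test_wp_guid_generated_when_not_supplied() {
		$id = wp_insert_post( array(
			'post_author'  => $this->author_id,
			'post_status'  => 'publish',
			'post_content' => rand_str(),
			'post_title'   => rand_str(),
		) );
		$generated = get_post( $id )->guid;
		$this->assertNotEmpty( $generated );

		wp_update_post( array(
			'ID'         => $id,
			'post_title' => rand_str(),
		) );
		$this->assertSame( $generated, get_post( $id )->guid );
	}
```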
