WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 3 months ago

#20850 closed defect (bug) (duplicate)

Duplicate term insertion allowed after insertion with case differences

Reported by: jazbek Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: Taxonomy Keywords: has-patch dev-feedback
Focuses: Cc:

Description

I've discovered a case where duplicate terms can be inserted with wp_insert_term(). Steps to reproduce:

  1. Insert a term, i.e.
     wp_insert_term('USA', 'country');
    
  2. Insert the same term, but with a different case, i.e.
     wp_insert_term('usa', 'country'); // it's ok that this succeeds, because technically it *is* different (case-wise)
    
  3. Insert the same term as in step 2. It should fail, but doesn't:
     wp_insert_term('usa', 'country'); // succeeds
    

This is because wp_insert_term() does the following:

  1. Finds the first term in the db that matches the initial (non-unique) slug for the new term name
  2. If the name of the found term doesn't match the new term name, then insert continues. In the example above, it's comparing all subsequent 'usa' term names to the first 'USA' term name and determining that it's ok to continue, when it's not because there are other 'usa' terms that it didn't look at.

Attachments (1)

20850.patch (1.1 KB) - added by kurtpayne 2 years ago.
Check the term name, not slug, use LIKE BINARY

Download all attachments as: .zip

Change History (7)

comment:1 knutsp2 years ago

  • Cc knut@… added

comment:2 johnbillion2 years ago

  • Cc johnbillion added

kurtpayne2 years ago

Check the term name, not slug, use LIKE BINARY

comment:3 follow-up: kurtpayne2 years ago

  • Cc kpayne@… added
  • Keywords has-patch dev-feedback added

Is there a reason duplicate term checking in wp_insert_term() uses the slug instead of the name?

comment:4 in reply to: ↑ 3 ; follow-up: DrewAPicture2 years ago

Replying to kurtpayne:

Is there a reason duplicate term checking in wp_insert_term() uses the slug instead of the name?

Probably because you can't have duplicate slugs, but I'd expect there to also be a check for the name. I'm guessing there are probably back-compat concerns for people who have existing terms of multiple casings and that's why it's still allowed.

Last edited 2 years ago by DrewAPicture (previous) (diff)

comment:5 in reply to: ↑ 4 kurtpayne2 years ago

Replying to DrewAPicture:

Probably because you can't have duplicate slugs

It looks like a unique slug is already picked via:

$slug = wp_unique_term_slug($slug, (object) $args);

comment:6 wonderboymusic3 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This will be attacked over on #17689, unit tests as well

Note: See TracTickets for help on using tickets.