Make WordPress Core

Opened 13 years ago

Closed 11 years ago

#20850 closed defect (bug) (duplicate)

Duplicate term insertion allowed after insertion with case differences

Reported by: jazbek's profile jazbek Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: Taxonomy Keywords: has-patch dev-feedback
Focuses: Cc:

Description

I've discovered a case where duplicate terms can be inserted with wp_insert_term(). Steps to reproduce:

  1. Insert a term, i.e.
     wp_insert_term('USA', 'country');
    
  2. Insert the same term, but with a different case, i.e.
     wp_insert_term('usa', 'country'); // it's ok that this succeeds, because technically it *is* different (case-wise)
    
  3. Insert the same term as in step 2. It should fail, but doesn't:
     wp_insert_term('usa', 'country'); // succeeds
    

This is because wp_insert_term() does the following:

  1. Finds the first term in the db that matches the initial (non-unique) slug for the new term name
  2. If the name of the found term doesn't match the new term name, then insert continues. In the example above, it's comparing all subsequent 'usa' term names to the first 'USA' term name and determining that it's ok to continue, when it's not because there are other 'usa' terms that it didn't look at.

Attachments (1)

20850.patch (1.1 KB) - added by kurtpayne 13 years ago.
Check the term name, not slug, use LIKE BINARY

Download all attachments as: .zip

Change History (7)

#1 @knutsp
13 years ago

  • Cc knut@… added

#2 @johnbillion
13 years ago

  • Cc johnbillion added

@kurtpayne
13 years ago

Check the term name, not slug, use LIKE BINARY

#3 follow-up: @kurtpayne
13 years ago

  • Cc kpayne@… added
  • Keywords has-patch dev-feedback added

Is there a reason duplicate term checking in wp_insert_term() uses the slug instead of the name?

#4 in reply to: ↑ 3 ; follow-up: @DrewAPicture
12 years ago

Replying to kurtpayne:

Is there a reason duplicate term checking in wp_insert_term() uses the slug instead of the name?

Probably because you can't have duplicate slugs, but I'd expect there to also be a check for the name. I'm guessing there are probably back-compat concerns for people who have existing terms of multiple casings and that's why it's still allowed.

Last edited 12 years ago by DrewAPicture (previous) (diff)

#5 in reply to: ↑ 4 @kurtpayne
12 years ago

Replying to DrewAPicture:

Probably because you can't have duplicate slugs

It looks like a unique slug is already picked via:

$slug = wp_unique_term_slug($slug, (object) $args);

#6 @wonderboymusic
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This will be attacked over on #17689, unit tests as well

Note: See TracTickets for help on using tickets.