Opened 11 years ago
Last modified 5 years ago
#24354 assigned defect (bug)
get_cat_id() fails with category names containing ampersand
| Reported by: | Kenshino | Owned by: | boonebgorges |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.5.1 |
| Component: | Taxonomy | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
echo get_cat_id('News'); results in 3 (as expected);
echo get_cat_id('Test OtherName'); results in 8 (as expected);
echo get_cat_id('Test&OtherName'); Results in 0
echo get_cat_id('News & Media'); Results in 0
All the category names were created in the Category Edit page; category names were copied from the text box directly into the code to allow no formatting issues.
I tracked the code to get_term_by and I think the ampersand in category name screws up possibly after being added into the prepared SQL statement.
Attachments (4)
Change History (20)
#2
11 years ago
Aye. I've done that, but I think either the function needs to translate special characters into entities or the Codex must be altered to add a note.
#4
11 years ago
I just tested with the following changes made to get_cat_ID() on line 172 of category.php:
Change from:
$cat = get_term_by( 'name', $cat_name, 'category' );
to:
$cat = get_term_by( 'name', esc_attr($cat_name), 'category' );
. . . which seems to work for both of the following:
echo get_cat_id('News & Media');
get_cat_id('News &amp; Media')
I imagine there are some major implications to changing the basic functionality of get_cat_ID, however. Thoughts?
Also, this is my first post on trac - did I do it right? :)
#6
11 years ago
- Keywords has-patch added; needs-testing dev-feedback removed
Since get_term_by() expects the name parameter to be escaped, be sure it's escaped before passing it along.
#8
11 years ago
- Keywords 2nd-opinion added; commit removed
This fix works, but it's fixing the issue in the wrong place. The problem is due to #11311 and should be fixed there.
#9
11 years ago
Fair enough. Will take a look at the other ticket.
The question remains, tho, if we are escaping & to &amp; for storage, do we need to escape before querying by the name? Considering get_term_by() expects already escaped data, we should be escaping on both ends.
This is beyond just fixing kses...
#11
10 years ago
- Keywords needs-unit-tests added; 2nd-opinion removed
- Milestone changed from Awaiting Review to Future Release
This needs unit tests to explain what is going on - this could easily get picked up as part of the taxonomy work in 4.0 that might or might not happen.
#13
9 years ago
- Keywords needs-refresh added
- Milestone changed from Future Release to 4.4
- Owner set to boonebgorges
- Status changed from new to assigned
#14
9 years ago
- Keywords needs-refresh removed
24354.3.diff moves the change to the new location in category-functions.php
#15
9 years ago
- Milestone changed from 4.4 to Future Release
I think this should be happening at a lower level. See https://core.trac.wordpress.org/ticket/11311#comment:19
The problem will be due to #11311. Entities in term names are encoded when they're saved to the database. Using get_cat_id('News &amp; Media') should work, as unintuitive as it is.
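The mismatch this ticket describes, as an added example in plain PHP (not WordPress core code and not any of the attached patches): a constructed `TermStore` entity-encodes names on save, so an exact-match lookup with the raw name returns 0, while a lookup that first normalizes its input finds the term. `encode_name()`, `TermStore` and the sample terms are assumptions made for illustration; `htmlspecialchars()` with `double_encode` off stands in for the escaping discussed in the comments.

```php
<?php
// Constructed model, not WordPress core code: a term store that entity-encodes
// names on save and matches names exactly on lookup.

/** Encode once; entities already present are left alone (double_encode = false). */
function encode_name(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8', false);
}

final class TermStore {
    /** @var array<string,int> stored (encoded) name => term id */
    private array $terms = [];
    private int $nextId = 1;

    /** Save a term under its encoded name and return the new id. */
    public function save(string $rawName): int {
        $this->terms[encode_name($rawName)] = $this->nextId;
        return $this->nextId++;
    }

    /** Exact-match lookup: the caller must already pass the stored form. Returns 0 on a miss. */
    public function findByName(string $name): int {
        return $this->terms[$name] ?? 0;
    }

    /** Lookup that converts its input to the stored form before matching. */
    public function findByNameNormalized(string $name): int {
        return $this->findByName(encode_name($name));
    }
}

$store = new TermStore();
$store->save('News');
$store->save('News & Media');

// Constructed queries: plain name, raw ampersand, pre-encoded ampersand.
foreach (['News', 'News & Media', 'News &amp; Media'] as $query) {
    printf("%-20s exact=%d normalized=%d\n",
        $query, $store->findByName($query), $store->findByNameNormalized($query));
}
```

With `double_encode` off, a raw name that literally contains `&amp;` normalizes to the same key as one containing `&`, so the two cannot be told apart after encoding.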