WordPress.org

Make WordPress Core

Opened 7 years ago

Last modified 10 months ago

#24354 assigned defect (bug)

get_cat_id() fails with category names containing ampersand

Reported by: Kenshino Owned by: boonebgorges
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Taxonomy Keywords: has-patch
Focuses: Cc:

Description

echo get_cat_id('News');
results in 3 (as expected);
echo get_cat_id('Test OtherName');
results in 8 (as expected);
echo get_cat_id('Test&OtherName');
Results in 0
echo get_cat_id('News & Media');
Results in 0

All the category names were created in the Category Edit page, category names were copied from the text box directly into the code to allow no formatting issues.

I tracked the code to get_term_by and I think the ampersand in category name screws up possibly after being added into the prepared SQL statement.

Attachments (4)

24354.diff (503 bytes) - added by ericmann 7 years ago.
Escape category name before passing it to get_term_by().
24354.unit-test.diff (516 bytes) - added by MikeHansenMe 5 years ago.
24354.2.diff (1.0 KB) - added by MikeHansenMe 5 years ago.
Tests and refresh of patch
24354.3.diff (1.1 KB) - added by MikeHansenMe 5 years ago.

Download all attachments as: .zip

Change History (20)

#1 @johnbillion
7 years ago

The problem will be due to #11311. Entities in term names are encoded when they're saved to the database. Using get_cat_id('News & Media') should work, as unintuitive as it is.

#2 @Kenshino
7 years ago

Aye. I've done that, but I think either the function needs to translate special characters into entities or the Codex must be altered to add a note.

#3 @bigwolk
7 years ago

#24665 was marked as a duplicate.

#4 @McGuive7
7 years ago

I just tested with the following changes made to get_cat_ID() on line 172 of category.php:

Change from:
$cat = get_term_by( 'name', $cat_name, 'category' );

to:
$cat = get_term_by( 'name', esc_attr($cat_name), 'category' );

. . . which seems to work for both of the following:
echo get_cat_id('News & Media');
get_cat_id('News & Media')

I imagine there are some major implications to changing the basic functionality of get_cat_ID, however. Thoughts?

Also, this is my first post on trac - did I do it right? :)

#5 @McGuive7
7 years ago

  • Cc McGuive7 added

#6 @ericmann
7 years ago

  • Keywords has-patch added; needs-testing dev-feedback removed

Since get_term_by() expects the name parameter to be escaped, be sure it's escaped before passing it along.

@ericmann
7 years ago

Escape category name before passing it to get_term_by().

#7 @ericmann
7 years ago

  • Keywords commit added

#8 @johnbillion
7 years ago

  • Keywords 2nd-opinion added; commit removed

This fix works, but it's fixing the issue in the wrong place. The problem is due to #11311 and should be fixed there.

#9 @ericmann
7 years ago

Fair enough. Will take a look at the other ticket.

The question remains, tho, if we are escaping & to & for storage, do we need to escape before querying by the name? Considering get_term_by() expects already escaped data, we should be escaping on both ends.

This is beyond just fixing kses...

#11 @wonderboymusic
6 years ago

  • Keywords needs-unit-tests added; 2nd-opinion removed
  • Milestone changed from Awaiting Review to Future Release

this needs unit tests to explain what is going on - this could easily get picked up as part of the taxonomy work in 4.0 that might or might not happen

@MikeHansenMe
5 years ago

Tests and refresh of patch

#12 @MikeHansenMe
5 years ago

  • Keywords needs-unit-tests removed

#13 @wonderboymusic
5 years ago

  • Keywords needs-refresh added
  • Milestone changed from Future Release to 4.4
  • Owner set to boonebgorges
  • Status changed from new to assigned

@MikeHansenMe
5 years ago

#14 @MikeHansenMe
5 years ago

  • Keywords needs-refresh removed

24354.3.diff moves the change to the new location in category-functions.php

#15 @boonebgorges
5 years ago

  • Milestone changed from 4.4 to Future Release

I think this should be happening at a lower level. See https://core.trac.wordpress.org/ticket/11311#comment:19

This ticket was mentioned in Slack in #core by boone. View the logs.


5 years ago

Note: See TracTickets for help on using tickets.