Opened 7 years ago
Last modified 7 years ago
#42096 new defect (bug)
`WP_Term_Query` sanitizes `slug` parameter incorrectly
Reported by: | boonebgorges | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Taxonomy | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
At save time, slugs are sanitized for MySQL using sanitize_title()
. When constructing a query that is intended to match slugs sanitized in this way, we should use sanitize_title_for_query()
. See #19292 [19444].
WP_Term_Query
improperly uses sanitize_title()
in the query context. https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/class-wp-term-query.php?marks=495,498#L494 It has always been thus: [30024], [5525]. It should be fixed. Let's get a unit test that describes the bug (see #19292 for sample payload).
Attachments (2)
Change History (7)
#2
@
7 years ago
- Keywords has-patch added; needs-patch removed
We were working on this patch together during a contrib2core meetup with: @petertoi, @pbearne, @benmoody & @jeremyescott. Tests will follow.
This ticket was mentioned in Slack in #core by petertoi. View the logs.
7 years ago
#5
@
7 years ago
FYI: The recording of the Meetup where we created the patch https://www.youtube.com/watch?v=fDxAFclKlHg
From my testing it looks like the
pre_term_slug
callback also falls into view for this patch. This hook is run whensanitize_term_field
is called during query parsing.https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/default-filters.php?marks=77#L77
https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/class-wp-query.php?marks=1208,1214,1218#L1204
https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/taxonomy.php?marks=1455#L1433