Improve WP_Term's sanitization calls

[Cybr]

Akin to WP_Post::filter(), I think WP_Term::filter() should have a bypass, too. This will significantly improve performance wherever terms are used (list edit screens, category widgets, blocks) because the bypass prevents redundant re-sanitization.

The attached patch will shave off a 30% load time at wp-admin/edit.php after #50567's implementation. This patch tests for the WP_Term object's ::$filter state, and only re-sanitizes the term when the state differs from the input argument.

You'll also find that sanitize_term() now looks a lot like sanitize_post()--the same goes for get_term()'s resemblance to get_post(). Overall, it seems posts have received a lot more love over the years, and this patch steals some of that.

There are a few issues with terms, however. For example, update_term_cache() caches terms regardless of being shared, while WP_Term::get_instance() tries to prevent that. The $filter = 'display' argument is used in contexts where raw would do fine, too (e.g. @ WP_Terms_List_Table::single_row()). If we iron those issues out, we can fully phase out the re-sanitization of terms.

[hellofromTonya]

From today's 5.6 core scrub, Sergey:

This could probably use some unit tests. Both #50567 and this one are nice performance enhancements, but also seem like early tickets, should probably be moved to 5.7.

Moving this ticket to early 5.7 milestone along with #50567.

If any maintainer or committer feels this can be resolved in time, or wishes to assume ownership during a specific cycle, feel free to update the milestone accordingly.

[hellofromTonya]

This ticket is marked for early in the alpha cycle. We are now in the Beta cycle and long past early. Moving this ticket and #50567 to Future Release. However, would be great to get both committed early in 5.8 alpha cycle if possible.

If any maintainer or committer feels this can be resolved in time, or wishes to assume ownership during a specific cycle, feel free to update the milestone accordingly.

[mukesh27]

@Cybr would you mind creating a PR on github.com/wordpress/wordpress-develop? #50567 is already merge so we can target this for next milestone? cc. @peterwilsoncc

[Cybr]

Here's a snippet of a bypass I've been using for the past 4 years.
I put in a collective fix-up plugin called "WP Fix: Unified Core Kit," which I might publish here one day.

add_filter(
        'get_term',
        /**
         * Properly primes term cache. Otherwise, terms get resanitized every time they're called.
         *
         * @since 1.0.0
         * @link <https://core.trac.wordpress.org/ticket/50568>
         *
         * @param WP_Term $term     Term object.
         * @param string  $taxonomy The taxonomy slug.
         */
        function( $term, $taxonomy ) {

                $_term = wp_cache_get( $term->term_id, 'terms' );

                if ( $_term && empty( $_term->filter ) ) {
                        $term = sanitize_term( $term, $taxonomy, 'raw' );
                        wp_cache_replace( $term->term_id, $term, 'terms' );
                }

                return $term;
        },
        -100, // Low, for others might add data to the term object, which we don't want to filter out...
        2
);

Saves 2 redundant database requests on my tiny homepage (running WP 6.4.3).

[flixos90]

I'm unsure about the performance value of this ticket without a good set of metrics to back up the proposal. That said, the proposed change is merely achieving parity of WP_Term::filter() with what WP_Post::filter() already does. So from that perspective, it makes sense to me, regardless of whether this has a notable performance benefit or not.

Assigning to @pbearne as discussed ​on Slack.

[pbearne]

Pushed a first version

I had an issue with the slugs. I assumed that they should always be sanitized
this wasn't happening

[abcd95]

Replying to pbearne:

Thank you, everyone, for working on this.

Hi @pbearne, since this ticket has been inactive for some time, I would like to ask if you're still working on it.

[pbearne]

The pull request is here
​https://github.com/pbearne/wordpress-develop/pull/135

Sorry, it wasn't in the ticket.

The tests are failing. we need to look at why

Paul

[abcd95]

Thanks @pbearne. I am gonna go ahead and remove the needs-unit-tests tag since your ​PR already includes the required tests.

Additionally, since there have been numerous changes since you raised the PR, I think a rebase against the latest trunk might give a clearer picture of which tests are actually failing due to the changes made.

[pbearne]

I merged core into this branch, but I'm still getting loads of failures, so this needs more work

[rollybueno]

Bdw, the PR at ​https://github.com/pbearne/wordpress-develop/pull/135 is currently set to merge into ​https://github.com/pbearne/wordpress-develop/tree/trunk, but it should be targeting WordPress:trunk.

[pbearne]

Replying to rollybueno:

Bdw, the PR at ​https://github.com/pbearne/wordpress-develop/pull/135 is currently set to merge into ​https://github.com/pbearne/wordpress-develop/tree/trunk, but it should be targeting WordPress:trunk.

had to kill the pull request and redo

Most of failed checks here are about unit testing..

[welcher]

@pbearne do you think you can pick this up in time for 6.9?

[wildworks]

This ticket was featured on today's 6.9 Bug Scrub.

Beta1 is coming up soon, so let's punt it to 7.0. At the very least _{the patch needs to be updated.}