#54840 closed defect (bug) (fixed)
wp_insert_term sanitizes attribute names, while term_exists does not before checking names
Reported by: | Dekadinious | Owned by: | |
---|---|---|---|
Milestone: | 6.0 | Priority: | normal |
Severity: | normal | Version: | 5.8.2 |
Component: | Taxonomy | Keywords: | has-patch has-unit-tests needs-testing has-testing-info |
Focuses: | Cc: |
Description
We have found an edge-case bug in the way term_exists handles checking for existing names compared to how wp_insert_term inserts the names. This happens if you are in a situation where the term name has an ampersand, and term_exists reach the point where it needs to check for the name. This happened to us because we have a suffix on each term slug.
So if we are creating the term "X & Y", the slug will be "x-y-suffix". Therefore, there is no "x-y" slug in the database. The term_exists function will therefore not find the slug and will check for the name instead.
When checking for the name, it will see if "X & Y" exists in the database. It does not, because wp_insert_term sanitizes the name and inserts it as "X & Y".
The behavior is inconsistent. I would expect term_exist to find that the term exists when checking for the exact name used in wp_insert_term.
Change History (7)
This ticket was mentioned in PR #2180 on WordPress/wordpress-develop by costdev.
3 years ago
#2
- Keywords has-patch has-unit-tests added
Trac ticket: https://core.trac.wordpress.org/ticket/54840
#3
follow-up:
↓ 5
@
3 years ago
- Keywords needs-testing has-testing-info added
- Milestone changed from Awaiting Review to 6.0
PR added with unit tests. Milestoning for 6.0.
#5
in reply to:
↑ 3
@
3 years ago
Replying to costdev:
PR added with unit tests. Milestoning for 6.0.'
EDIT: Sorry, I just had some bad code hanging around in my testing. It does not seem to be a problem with get_terms.
I don't know if this should be posted here as a comment, or if a new ticket should be created, but this seems to happen with get_terms() also. If you choose to fetch by name but don't run esc_attr() first, it will not find a term with single quotes in it. One would think get_terms() would find a term inserted by wp_insert_term() without modifications.
#6
@
2 years ago
- Resolution set to fixed
- Status changed from new to closed
This particular issue appears to have been resolved by [52921]. In my testing, the term ID is returned now. Closing this ticket as fixed
.
With regards to this comment, if an issue exists in get_terms()
, this should be handled in a separate ticket.
Test Report
Env
Steps to test
Posts > Categories
.X & Y
with the slugx-y-suffix
.wp_die( var_export( term_exists( 'X & Y' ), true ) );
into the active theme'sfunctions.php
file.NULL
. Expected output:<the term's ID>
.Cleanup
Must be done before re-testing.
functions.php
file.Posts > Categories
.X & Y
category.Results