#59995 closed defect (bug) (fixed)
Taxonomy: Check for empty term after DB sanitization in wp_insert_term
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 6.5 | Priority: | normal |
| Severity: | major | Version: | |
| Component: | Taxonomy | Keywords: | has-patch has-unit-tests |
| Focuses: | Cc: |
Description
When inserting a new term in the database, wp_insert_term will check if the term is empty and return a corresponing error.
Afterwards the term is sanitized and inserted in the database. However, there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB and 2) possible OOM issues in wp_insert_term when checking if the term name matches an existing one because of using get_terms with an empty name argument
Example: wp_insert_term( '<script>Yo</script>', 'post_tag' );
Change History (5)
This ticket was mentioned in PR #5722 on WordPress/wordpress-develop by fgiannar.
2 years ago
#1
- Keywords has-patch has-unit-tests added
#2
in reply to:
↑ description
@
2 years ago
Replying to fgiannar:
Example:
wp_insert_term( '<script>Yo</script>', 'post_tag' );
Example: wp_insert_term( '<script>onclick=alert("hello")</script>', 'post_tag' );
@SergeyBiryukov commented on PR #5722:
2 years ago
#5
Thanks for the PR! Merged in r57251.
When inserting a new term in the database,
wp_insert_termwill check if the term is empty and return a corresponding error.Afterwards the term is sanitized and inserted in the database. However, there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB and 2) possible OOM issues in
wp_insert_termwhen checking if the term name matches an existing one because of usingget_termswith an empty name argumentThe current PR: