#59995 closed defect (bug) (fixed)
Taxonomy: Check for empty term after DB sanitization in wp_insert_term
Reported by: | fgiannar | Owned by: | fgiannar |
---|---|---|---|
Milestone: | 6.5 | Priority: | normal |
Severity: | major | Version: | |
Component: | Taxonomy | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
When inserting a new term in the database, wp_insert_term
will check if the term is empty and return a corresponing error.
Afterwards the term is sanitized and inserted in the database. However, there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB and 2) possible OOM issues in wp_insert_term
when checking if the term name matches an existing one because of using get_terms
with an empty name argument
Example: wp_insert_term( '<script>Yo</script>', 'post_tag' )
;
Change History (5)
This ticket was mentioned in PR #5722 on WordPress/wordpress-develop by fgiannar.
11 months ago
#1
- Keywords has-patch has-unit-tests added
#2
in reply to:
↑ description
@
11 months ago
Replying to fgiannar:
Example:
wp_insert_term( '<script>Yo</script>', 'post_tag' )
;
Example: wp_insert_term( '<script>onclick=alert("hello")</script>', 'post_tag' )
;
@SergeyBiryukov commented on PR #5722:
9 months ago
#5
Thanks for the PR! Merged in r57251.
When inserting a new term in the database,
wp_insert_term
will check if the term is empty and return a corresponding error.Afterwards the term is sanitized and inserted in the database. However, there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB and 2) possible OOM issues in
wp_insert_term
when checking if the term name matches an existing one because of usingget_terms
with an empty name argumentThe current PR: