Changes between Initial Version and Version 1 of Ticket #65055, comment 6
- Timestamp:
- 04/14/2026 10:06:02 AM (2 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #65055, comment 6
initial v1 4 4 > Thanks @liaison! agreed on the alignment with _update_post_term_count(). The updated patch incorporating post_type_exists() filtering looks solid. 5 5 6 Test Report :7 8 I verified the fix using a zero-dependency test script t hat loads the core wp-includes/taxonomy.php while mocking the databaseenvironment.6 Test Report 7 Summary: 8 I verified the fix using a zero-dependency test script to confirm the patch logic locally before implementing formal PHPUnit test cases for the GitHub CI suite. This script loads the core wp-includes/taxonomy.php directly while mocking the database and global environment. 9 9 10 10 Before Patch: 11 The logic uses direct string interpolation and includes unregistered post types in the query.11 The logic uses direct string interpolation and includes unregistered/invalid post types in the query. 12 12 13 Method: get_results 14 Query: ... AND post_type IN ('post', 'ghost_type') ... 15 ❌ FAILED: 'ghost_type' present in raw SQL string. 13 Method: wpdb::get_results (Direct string) 14 15 Captured Query: ... AND post_type IN ('post', 'ghost_type') ... 16 17 Result: ❌ FAILED: 'ghost_type' (unregistered) is present in the raw SQL string. 18 16 19 After Patch: 17 The logic now correctly filters post types via post_type_exists() and u ses wpdb::prepare() for the finalquery.20 The logic now correctly filters post types via post_type_exists() and utilizes wpdb::prepare() for a safer, parameterized query. 18 21 19 Method: prepare 20 Arguments: 123, post 21 ✅ SUCCESS: 'ghost_type' filtered from prepare arguments. 22 Method: wpdb::prepare 22 23 24 Captured Arguments: 123, post 25 26 Result: ✅ SUCCESS: 'ghost_type' was successfully filtered, and only valid post types are passed to the prepare arguments. 23 27 test-65055-sql-filter.php 24 28 {{{#!php