[wp-trac] [WordPress Trac] #17689: Terms should not be sanitized inside term_exists()
WordPress Trac
wp-trac at lists.automattic.com
Sun Jun 5 03:49:48 UTC 2011
#17689: Terms should not be sanitized inside term_exists()
--------------------------+-----------------------------
 Reporter:  blepoxp       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Taxonomy      |     Version:  3.2
 Severity:  normal        |    Keywords:  has-patch
--------------------------+-----------------------------
When adding a term to a post, the title of the term is sent through
term_exists(). If term_exists finds and returns the ID of an existing term
for the passed taxonomy, that ID is added to the post object. If no term
is found, it returns false and a new term is created for that taxonomy
with the same title that was passed to term_exists().

The problem is that term_exists() uses sanitize_title($term) on line 1457
of wp-includes/taxonomy.php while wp_insert_term uses stripslashes($name)
on line 1985 of the same file.

This doesn't cause a problem in many circumstances, but if the term title
happens to be something like $$$, that means it will always be added
correctly in wp_insert_term() but never found as existing in
term_exists(). The result is that every time you add $$$$ to another post
it gets added as a new term with a unique slug so that you have several
terms with the title $$$$ for the same taxonomy but different IDs.

The attached patch corrects that by passing the term title through
stripslashes in term_exists() rather than through sanitize_title().

I haven't found any undesired side effects in testing.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17689>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
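
Added example, not part of the ticket or of WordPress core: a toy PHP model of the mismatch the report describes, where the lookup normalises the title differently from the insert path. `toy_slug()`, `ToyTerms` and the `term` fallback slug are assumptions made for illustration; tagging three posts with `$$$` leaves three term rows under the slug-keyed lookup and one under the name-keyed lookup.

```php
<?php
// Toy model, not WordPress core: toy_slug() and ToyTerms are hypothetical stand-ins.
function toy_slug(string $title): string {
    return trim(preg_replace('/[^a-z0-9]+/', '-', strtolower($title)), '-');   // other runs -> '-'
}

final class ToyTerms {
    public array $rows = [];   // each row: id, name, slug
    private function find(string $column, string $value): int {
        foreach ($this->rows as $row) {
            if ($row[$column] === $value) return $row['id'];
        }
        return 0;
    }

    // Lookup keyed on the sanitized title, the behaviour the ticket reports.
    public function existsBySlug(string $term): int {
        $slug = toy_slug($term);
        return $slug === '' ? 0 : $this->find('slug', $slug);   // '$$$' sanitizes to ''
    }

    // Lookup normalised like the insert path, as the ticket proposes.
    public function existsByName(string $term): int {
        return $this->find('name', stripslashes($term));
    }

    // Assumption of this model: empty slug falls back to 'term'; clashes get a suffix.
    public function insert(string $term): int {
        $base = toy_slug($term) ?: 'term';
        $slug = $base;
        for ($n = 2; $this->find('slug', $slug) !== 0; $n++) {
            $slug = "$base-$n";
        }
        $this->rows[] = ['id' => count($this->rows) + 1, 'name' => stripslashes($term), 'slug' => $slug];
        return count($this->rows);
    }
}

// Tag three posts with the same title (constructed input) and count the term rows.
function rows_after_tagging(string $title, string $lookup): int {
    $terms = new ToyTerms();
    for ($post = 1; $post <= 3; $post++) {
        $id = $terms->$lookup($title) ?: $terms->insert($title);   // reuse or create
    }
    return count($terms->rows);
}

printf("slug-keyed lookup: %d term rows\n", rows_after_tagging('$$$', 'existsBySlug'));
printf("name-keyed lookup: %d term rows\n", rows_after_tagging('$$$', 'existsByName'));
```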