[wp-trac] [WordPress Trac] #6934: wp_insert_post and % in name

WordPress Trac wp-trac at lists.automattic.com
Thu May 8 10:00:54 GMT 2008


#6934: wp_insert_post and % in name
---------------------+------------------------------------------------------
 Reporter:  libc     |       Owner:  anonymous     
     Type:  defect   |      Status:  new           
 Priority:  normal   |   Milestone:  2.7           
Component:  General  |     Version:  2.5.1         
 Severity:  normal   |    Keywords:  wp_insert_post
---------------------+------------------------------------------------------
 I'm writing an import plugin.

 post_title is “!ViewSonic® Redefines Visual Technology Leadership with
 Introduction of SuperPDA and Tablet PC Products” (UTF-8)
 wp_insert_post assigns post_name “viewsonic%c2%ae-redefines-visual-
 technology-leadership-with-introduction-of-superpda-and-tablet-pc-
 products”.

 and ([source:tags/2.5.1/wp-includes/post.php at 7906#L1282 here])
 {{{
         if ( 'draft' != $post_status ) {
                 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent));

                 if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {
                         $suffix = 2;
                         do {
                                 $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix";
                                 // expected_slashed ($alt_post_name, $post_name, $post_type)
                                 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
                                 $suffix++;
                         } while ($post_name_check);
                         $post_name = $alt_post_name;
                 }
         }
 }}}

 When it calls $wpdb->prepare, it passes the arguments to vsprintf, and it
 wanted more arguments than I provide (because of %c),
 and $wpdb->prepare returns false, so this loop became infinite…

 My temporary solution is
 {{{
 $alt_post_name = str_replace('%', '%%', substr($post_name, 0,
 200-(strlen($suffix)+1)). "-$suffix");
 }}}

 but it's not adequate, because the original $post_name_check fails but
 should not. (A good solution, IMHO, should be a proper sanitize_title.)
 I tested it in 2.5 and 2.5.1.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6934>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
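
The failure described in the ticket, reproduced as an added example that is not part of the original report or of WordPress itself: a slug containing `%c2%ae` is interpolated into the format string handed to a vsprintf-based prepare, next to the same check with the slug passed as a `%s` argument. `prepare_like_wp25()`, `get_var_stub()`, `find_free_slug()`, the table name and the slug data are hypothetical stand-ins, and the stub assumes that a false query leaves the previous result in place.

```php
<?php
// Simplified stand-in for a vsprintf-based prepare(): quote %s, then format.
function prepare_like_wp25(string $query, ...$args) {
    $query = str_replace('%s', "'%s'", $query);
    $args  = array_map('addslashes', $args);
    try {
        return @vsprintf($query, $args);   // PHP < 8 returns false on too few arguments
    } catch (\Throwable $e) {
        return false;                      // PHP 8+ throws instead; map it to false
    }
}

// Stub for get_var(): a false query runs nothing, so the previous result is
// reused (assumption), which keeps the caller's loop condition truthy.
function get_var_stub($sql, array $existing, &$last) {
    if ($sql !== false) {
        preg_match("/post_name = '([^']*)'/", $sql, $m);
        $last = in_array($m[1], $existing, true) ? $m[1] : null;
    }
    return $last;
}

// Suffix search from the ticket, capped so the demonstration terminates.
// Returns the free slug, or null when the cap is reached.
function find_free_slug(string $slug, array $existing, bool $interpolate, int $cap = 5) {
    $last = $slug;                         // the initial check already matched
    for ($suffix = 2; $suffix < 2 + $cap; $suffix++) {
        $alt = substr($slug, 0, 200 - (strlen($suffix) + 1)) . "-$suffix";
        $sql = $interpolate
            // Slug becomes part of the format string: %c and %a are parsed as conversions.
            ? prepare_like_wp25("SELECT post_name FROM posts WHERE post_name = '$alt' AND ID != %d", 7)
            // Slug is an argument: vsprintf never interprets its % characters.
            : prepare_like_wp25("SELECT post_name FROM posts WHERE post_name = %s AND ID != %d", $alt, 7);
        if (!get_var_stub($sql, $existing, $last)) {
            return $alt;
        }
    }
    return null;
}

// Constructed data: one slug already present in the posts table.
$existing = ['viewsonic%c2%ae-redefines'];

var_dump(find_free_slug($existing[0], $existing, true));   // interpolated variant
var_dump(find_free_slug($existing[0], $existing, false));  // placeholder variant
```

Passing every value as a placeholder argument also avoids the problem the reporter notes with the `str_replace('%', '%%', ...)` workaround, since no caller-side escaping of `%` is needed.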

