[wp-trac] [WordPress Trac] #39315: WP_Tax_Query::transform_query() double escapes name term arguments
WordPress Trac
noreply at wordpress.org
Thu Dec 29 21:55:20 UTC 2016
#39315: WP_Tax_Query::transform_query() double escapes name term arguments
-------------------------------------+------------------
Reporter: bcworkz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8
Component: Query | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------
Changes (by boonebgorges):
* keywords: => has-patch needs-testing
* milestone: Awaiting Review => 4.8
Comment:
@bcworkz Thanks for the ticket and for the diagnosis.
The principle in previous cases has been to apply the same sanitization at
the time of *query* as what's applied at the time of *insertion*. So what
we're trying to match here is
https://core.trac.wordpress.org/browser/tags/4.7/src/wp-includes/taxonomy.php?marks=1992,1995#L1989 - `sanitize_term_field()` +
`wp_unslash()`. The case is very similar to #35493.
In an ideal world, the sanitization-juggling would be less insane, but I
think that [attachment:39315.diff] is our best alternative in the actual
world. What do you think?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39315#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform