[wp-trac] [WordPress Trac] #59995: Taxonomy: Check for empty term after DB sanitization in wp_insert_term
WordPress Trac
noreply at wordpress.org
Fri Dec 1 09:19:07 UTC 2023
#59995: Taxonomy: Check for empty term after DB sanitization in wp_insert_term
--------------------------+-----------------------------
Reporter: fgiannar | Owner: fgiannar
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Taxonomy | Version:
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
When inserting a new term in the database, `wp_insert_term` will check if
the term is empty and return a corresponing error.
Afterwards the term is sanitized and inserted in the database. However,
there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB
and 2) possible OOM issues in `wp_insert_term` when checking if the term
name matches an existing one because of using `get_terms` with an empty
name argument
Example: `wp_insert_term( '<script>Yo</script>', 'post_tag' )`;
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59995>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list