[wp-trac] [WordPress Trac] #11311: kses converts ampersands to & in post titles, post content, and more

[WordPress Trac]

#11311: kses converts ampersands to & in post titles, post content, and more
----------------------------+-----------------------------
 Reporter:  Viper007Bond    |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Future Release
Component:  Administration  |     Version:  2.9
 Severity:  normal          |  Resolution:
 Keywords:  needs-patch     |
----------------------------+-----------------------------
Changes (by boonebgorges):

 * cc: boonebgorges@… (added)


Comment:

 I just ran into this issue with tax terms. I had created a term 'Foo &
 Bar' using `wp_insert_term()`. I then later wanted to fetch it using
 `get_term_by( 'name' )`. But this failed, because the ampersand was not
 being translated in `get_term_by()`. I was able to work around the issue
 by doing (roughly)

 {{{
 $sanitized_name = sanitize_term_field( 'name', $value, 0, $tax, 'db );
 $term = get_term_by( 'name', $sanitized_name );
 }}}

 I'm surprised this isn't coming up elsewhere in WP - I guess similar
 sanitization must already be in place - but it does seem as if it should
 be happening in `get_term_by()`, as the SQL query is built (assuming the
 underlying encoding issue in the OP can't be fixed for backward
 compatibility reasons).

--
Ticket URL: <http://core.trac.wordpress.org/ticket/11311#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software