[wp-trac] [WordPress Trac] #22700: Walker_Category_Checklist should sometimes set the value as the term name
WordPress Trac
noreply at wordpress.org
Thu May 21 19:35:33 UTC 2015
#22700: Walker_Category_Checklist should sometimes set the value as the term name
---------------------------------+-----------------------------
 Reporter:  simonwheatley        |       Owner:
     Type:  defect (bug)         |      Status:  closed
 Priority:  normal               |   Milestone:
Component:  Taxonomy             |     Version:  3.0
 Severity:  normal               |  Resolution:  wontfix
 Keywords:  has-patch 4.1-early  |     Focuses:  administration
---------------------------------+-----------------------------
Changes (by boonebgorges):

 * status: new => closed
 * resolution: => wontfix
 * milestone: Future Release =>

Comment:

We can't change the current behavior, for [comment:11 the reasons helen
spells out above].

Anyone who is doing this is doing something wrong:

{{{
$foo_term_ids = $_POST['tax_input']['foo'];
wp_update_post_terms( $post_id, $foo_term_ids );
}}}

Scalar data from form POSTs is always going to be strings. When you handle
this data, you should be sanitizing it first: `$foo_term_ids = array_map(
'intval', $_POST['tax_input']['foo'] )`. Ideally, our functions that build
markup to be used in forms will provide POST data that will be easy to
parse on the server, but the ultimate responsibility for sanitization lies
with the parsing function. And if you are relying on `edit_post()` to save
form data from your custom metaboxes, then you are a cheater :)

As a side note, the real design flaw here is that `wp_set_post_terms()`
does the `intval` map for you in the case of hierarchical taxonomies. That
work really ought to be done in form-handling functions, not business
functions.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/22700#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
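
The following is an added example, not part of the original message and not WordPress core code. It sketches a form-handling function that converts the string values posted under `tax_input[foo]` into integer term IDs before any term-setting function sees them. It is deliberately stricter than a bare `intval` map: values that are not plain decimal digits are rejected rather than coerced. The helper name `example_parse_term_ids` and the sample POST data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Turn the raw tax_input[<taxonomy>] value from a form POST into a list of
 * positive integer term IDs. Hypothetical helper, not a WordPress function.
 *
 * @param mixed $raw Whatever PHP placed in $_POST['tax_input']['foo'].
 * @return int[]     De-duplicated term IDs, in first-seen order.
 */
function example_parse_term_ids($raw): array
{
    if (!is_array($raw)) {
        // A scalar here means the form was altered or built differently.
        return [];
    }

    $ids = [];
    foreach ($raw as $value) {
        // Nested arrays and other non-scalars are skipped, never cast.
        if (!is_string($value) && !is_int($value)) {
            continue;
        }
        // Only plain decimal digits pass. intval() would turn "3x" into 3
        // and "abc" into 0; here both are dropped instead.
        if (!ctype_digit((string) $value)) {
            continue;
        }
        $id = (int) $value;
        if ($id > 0) {
            $ids[$id] = $id; // keyed by ID to de-duplicate
        }
    }

    return array_values($ids);
}

// Constructed sample of what a checklist form could submit for taxonomy "foo".
$sample_post = [
    'tax_input' => ['foo' => ['0', '12', '12', '7', 'abc', '3x', ['9'], '-4']],
];

$foo_term_ids = example_parse_term_ids($sample_post['tax_input']['foo'] ?? null);

// The result contains only integers, so it can be handed on, for example to
// wp_set_post_terms( $post_id, $foo_term_ids, 'foo' ).
var_dump($foo_term_ids);
```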