[wp-trac] [WordPress Trac] #37009: When two different tags generate the same slug, the second tag is rejected
WordPress Trac
noreply at wordpress.org
Mon Jun 6 22:21:39 UTC 2016
#37009: When two different tags generate the same slug, the second tag is rejected
------------------------------+---------------------------
Reporter: michael.costanza | Owner: boonebgorges
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.6
Component: Taxonomy | Version: 4.5.2
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------+---------------------------
Comment (by boonebgorges):
[attachment:37009.diff] starts to move to the more precise
`get_term_by()`, but it's still broken.
When you query for `slug` - in `term_exists()`, `get_term_by()`, or
`get_terms()` - the value is passed through `sanitize_title()`. This
sanitization is done on the way into the database to ensure that the slug
is URL-safe. It's done while querying mostly to avoid SQL injection
issues. This mixing of concerns makes it impossible to do a strict query
for a slug match: `get_term_by( 'slug', '$foo' )` will return a term with
the slug `foo`. This pretty clearly seems wrong.
Ideally, we would stop doing so much heavy sanitization on values passed
to `get_term_by()` and `get_terms()`, so that we would stop getting false-
positive matches for things like `$foo`/`foo`. Simply removing the
`sanitize_title()` sanitization would probably solve the immediate
problem, but has compatibility ramifications for plugins that are
expecting the current fuzzy matching. My inclination is to stop supporting
fuzzy matches in the case of `get_term_by()`, because the nature of the
function is such that (IMO) you should expect exact matches only. But a
second opinion would be helpful here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37009#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list