[wp-trac] [WordPress Trac] #38243: Attempting to create a term with invalid UTF8 characters creates a blank term
WordPress Trac
noreply at wordpress.org
Thu Oct 6 13:52:39 UTC 2016
#38243: Attempting to create a term with invalid UTF8 characters creates a blank
term
--------------------------+-----------------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Taxonomy | Version:
Severity: normal | Keywords: has-patch
Focuses: |
--------------------------+-----------------------------
Attempting to insert a term which contains invalid UTF8 characters will
incorrectly create a term in the database with a blank name & slug. This
happens as we check that the term name & slug is provided, but fail to
check after sanitizing the term.

In the scenario that I've run into, something similar to this happens:
{{{
$term_name = urldecode( "360%BF" ); // Invalid UTF8 character
wp_insert_term( $term_name, 'my_taxonomy' );
}}}

What this causes is
* the checks on `$name` to pass
* it then hits `sanitize_term()` and after passing through
`sanitize_text_field()` and then `wp_check_invalid_utf8()` the `name`
field of the term is set to an empty string.
* `wp_insert_term()` then takes this empty name and creates an equally
empty slug from it.
* `wp_insert_term()` then calls `get_terms( array( 'name' => '' ) )` and
needlessly & badly loads up all 60,000 terms into memory of the custom
taxonomy
* `wp_insert_term()` then sees an empty slug and ultimately settles on
setting the slug to the numeric ID of the term somehow
* `wp_insert_term()` finally inserts a term with a numeric slug and empty
`name` field

I think at a minimum, we should verify that the term name is still valid
after term sanitisation. See patch for that.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38243>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
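
The check ordering described in the ticket, as an added example that is not part of the original message and is not WordPress core code. All `*_demo` functions and the in-memory table are hypothetical stand-ins; the only behaviour assumed is the one the ticket reports, that a name with invalid UTF-8 sanitises to an empty string.

```php
<?php
// Added illustration, not WordPress core code. All *_demo names are hypothetical.

// Stand-in for the sanitising step. Assumption taken from the ticket:
// a name containing invalid UTF-8 comes back as an empty string.
function sanitize_name_demo( string $raw ): string {
	$name = trim( $raw );
	// With the /u modifier, preg_match() returns false on invalid UTF-8.
	return ( 1 === preg_match( '//u', $name ) ) ? $name : '';
}

// Shared insert into a constructed in-memory table. The slug falls back to
// the row ID when the name is empty, a simplification of the ticket's outcome.
function store_term_demo( string $name, array &$table ): int {
	$id           = count( $table ) + 1;
	$table[ $id ] = array(
		'name' => $name,
		'slug' => ( '' === $name ) ? (string) $id : strtolower( $name ),
	);
	return $id;
}

// Ordering described in the ticket: the emptiness check runs on the raw input only.
function insert_check_before_demo( string $raw, array &$table ): ?int {
	if ( '' === trim( $raw ) ) {
		return null; // rejected
	}
	return store_term_demo( sanitize_name_demo( $raw ), $table );
}

// Ordering the ticket asks for: check again on the sanitised value.
function insert_check_after_demo( string $raw, array &$table ): ?int {
	if ( '' === trim( $raw ) ) {
		return null;
	}
	$name = sanitize_name_demo( $raw );
	if ( '' === $name ) {
		return null; // rejected: nothing left after sanitising
	}
	return store_term_demo( $name, $table );
}

$raw    = urldecode( '360%BF' ); // input from the ticket
$before = array();
$after  = array();
var_dump( insert_check_before_demo( $raw, $before ), $before );
var_dump( insert_check_after_demo( $raw, $after ), $after );
```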