[wp-trac] [WordPress Trac] #39315: WP_Tax_Query::transform_query() double escapes name term arguments
WordPress Trac
noreply at wordpress.org
Mon Jan 2 19:38:17 UTC 2017
#39315: WP_Tax_Query::transform_query() double escapes name term arguments
-------------------------------------+---------------------------
Reporter: bcworkz | Owner: boonebgorges
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.8
Component: Query | Version: 4.7
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+---------------------------
Changes (by boonebgorges):
* owner: => boonebgorges
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"39662"]:
{{{
#!CommitTicketReference repository="" revision="39662"
Don't double-escape `terms` payload in `WP_Tax_Query::transform_query()`.
`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.
Props bcworkz.
Fixes #39315.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39315#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list