[wp-trac] [WordPress Trac] #54840: wp_insert_term sanitizes attribute names, while term_exists does not before checking names
WordPress Trac
noreply at wordpress.org
Mon Jan 24 06:25:10 UTC 2022
#54840: wp_insert_term sanitizes attribute names, while term_exists does not before
checking names
-------------------------------------------------+-------------------------
Reporter: Dekadinious | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.0
Component: Taxonomy | Version: 5.8.2
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs- | Focuses:
testing has-testing-info |
-------------------------------------------------+-------------------------
Comment (by Dekadinious):
Replying to [comment:3 costdev]:
> PR added with unit tests. Milestoning for 6.0.
I don't know if this should be posted here as a comment, or if a new
ticket should be created, but this seems to happen with get_terms() also.
If you choose to fetch by name but don't run esc_attr() first, it will not
find a term with single quotes in it. One would think get_terms() would
find a term inserted by wp_insert_term() without modifications.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54840#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list