[wp-trac] [WordPress Trac] #57419: Adding terms to a taxonomy with non-latin characters results in PHP notice
WordPress Trac
noreply at wordpress.org
Tue Jan 3 22:21:36 UTC 2023
#57419: Adding terms to a taxonomy with non-latin characters results in PHP notice
--------------------------+-----------------------------
Reporter: jorgeatorres | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Taxonomy | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When adding terms to a taxonomy that was registered with a name that
contains non-latin characters, adding any terms to the taxonomy will
produce a PHP notice. This, due, to taxonomy names being light in
sanitization vs screen code being too harsh.
We, on the WooCommerce team, encountered this in the context of product
attributes, which are just a product taxonomy. We then confirmed this
happens to all taxonomies having non-latin characters in their name.
[https://core.trac.wordpress.org/ticket/54521 A similar issue], but for
quick edit of terms, was also reported. The code involved is different,
but the core of the issue is again the discrepancy in sanitization of
taxonomy names.
==== Steps to reproduce
1. Register a taxonomy with non-latin characters. For example:
`register_taxonomy( 'tamaño', 'post', array( 'labels' => array( 'name' =>
'tamaño' ) ) );`
2. Create a term in inside this new taxonomy.
3. Term creation succeeds.
4. Confirm that:
- The error log contains a PHP notice along these lines: `PHP Notice:
Trying to get property 'show_ui' of non-object in [...]/wp-admin/includes
/class-wp-terms-list-table.php on line 573`.
- Alternatively, test with the [https://wordpress.org/plugins/query-
monitor/ Query Monitor plugin] active and confirm that the PHP notice is
displayed in the JS console after the AJAX request.
==== Technical details
1. Despite
[https://developer.wordpress.org/reference/functions/register_taxonomy/#parameters
what the codex says], taxonomy names are actually not sanitized when
registering taxonomies with `register_taxonomy()`.
2. When a term is added to a taxonomy,
[https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ajax-
actions.php#L1069 wp_ajax_add_tag()], which handles the AJAX request, uses
the `$_POST['screen']` to get an instance of the terms list table and
initialize its screen to that value.
2. `_get_list_table()` in turn calls `convert_to_screen()` on this arg to
obtain the screen object.
3. `WP_Screen::get()`, which is called by `convert_to_screen()`, sanitizes
the passed value [https://core.trac.wordpress.org/browser/trunk/src/wp-
admin/includes/class-wp-screen.php#L252 using sanitize_key()] which
removes all non-latin characters.
4. Other checks in `WP_Screen` now fail as the sanitized taxonomy name
obviously doesn't exist.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57419>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list