mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-01 07:40:07 +00:00
Don't double-escape the 'name' param in get_terms().
[32353] changed the way the 'name' param in `get_terms()` is sanitized, by running it through `sanitize_term_field( 'name' )` before performing the SQL query. An unintentional side effect of this change was that the string is double-escaped: once by `wp_filter_kses()`, and once by `esc_sql()`. The double-escaping was causing 'name' queries to fail when the param contained apostrophes or other escaped characters. Fixes #35493. git-svn-id: https://develop.svn.wordpress.org/trunk@36348 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -1354,7 +1354,8 @@ function get_terms( $taxonomies, $args = '' ) {
|
||||
if ( ! empty( $args['name'] ) ) {
|
||||
$names = (array) $args['name'];
|
||||
foreach ( $names as &$_name ) {
|
||||
$_name = sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' );
|
||||
// `sanitize_term_field()` returns slashed data.
|
||||
$_name = stripslashes( sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' ) );
|
||||
}
|
||||
|
||||
$where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')";
|
||||
|
||||
Reference in New Issue
Block a user