Don't double-escape the 'name' param in get_terms().

[32353] changed the way the 'name' param in `get_terms()` is sanitized, by running it through `sanitize_term_field( 'name' )` before performing the SQL query. An unintentional side effect of this change was that the string is double-escaped: once by `wp_filter_kses()`, and once by `esc_sql()`. The double-escaping was causing 'name' queries to fail when the param contained apostrophes or other escaped characters. Fixes #35493. git-svn-id: https://develop.svn.wordpress.org/trunk@36348 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2016-01-19 04:09:32 +00:00
parent d36d6cc630
commit 5eee5cfc3c
2 changed files with 28 additions and 1 deletions
--- a/tests/phpunit/tests/term/getTerms.php
+++ b/tests/phpunit/tests/term/getTerms.php
@@ -562,6 +562,32 @@ class Tests_Term_getTerms extends WP_UnitTestCase {
 		$this->assertEqualSets( array( $t ), $found );
 	}

+	/**
+	 * @ticket 35493
+	 */
+	public function test_name_should_not_double_escape_apostrophes() {
+		register_taxonomy( 'wptests_tax', 'post' );
+
+		$name = "Foo'Bar";
+
+		$t = self::factory()->term->create( array(
+			'taxonomy' => 'wptests_tax',
+			'name' => $name,
+		) );
+
+		$term = get_term( $t, 'wptests_tax' );
+
+		$this->assertSame( $name, $term->name );
+
+		$found = get_terms( 'wptests_tax', array(
+			'hide_empty' => false,
+			'fields' => 'ids',
+			'name' => $name,
+		) );
+
+		$this->assertEqualSets( array( $t ), $found );
+	}
+
 	/**
 	 * @ticket 29839
 	 */