From c1c0759ab045fc65d0a9ab46ad8e0872762a7a34 Mon Sep 17 00:00:00 2001
From: Nikolay Bachiyski
Date: Wed, 30 Mar 2016 17:12:08 +0000
Subject: [PATCH] Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters

The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction.

git-svn-id: https://develop.svn.wordpress.org/trunk@37133 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/taxonomy.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/wp-includes/taxonomy.php b/src/wp-includes/taxonomy.php
index 8fad3d99c1..9323bd9a07 100644
--- a/src/wp-includes/taxonomy.php
+++ b/src/wp-includes/taxonomy.php
@@ -162,9 +162,9 @@ function get_taxonomies( $args = array(), $output = 'names', $operator = 'and' )
 * Example:
 *
 * $taxonomies = get_object_taxonomies( 'post' );
- *
+ *
 * This results in:
- *
+ *
 * Array( 'category', 'post_tag' )
 *
 * @since 2.3.0
@@ -747,7 +747,7 @@ function get_objects_in_term( $term_ids, $taxonomies, $args = array() ) {
 $term_ids = array_map('intval', $term_ids );
- $taxonomies = "'" . implode( "', '", $taxonomies ) . "'";
+ $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
 $term_ids = "'" . implode( "', '", $term_ids ) . "'";
 $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($term_ids) ORDER BY tr.object_id $order");
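Review bot: The `array_map( 'esc_sql', $taxonomies )` escape in get_objects_in_term is only effective because each value lands inside the single quotes added by the surrounding `implode( "', '", … )`, and nothing on the line records that coupling; the same expression is repeated in the get_terms and wp_get_object_terms hunks. I would put a comment above each occurrence, e.g. `// esc_sql() only protects values that stay inside quotes; keep the quoting and the escaping together.`, and add a regression test using a taxonomy name that contains a single quote, since the diffstat shows this commit touches only taxonomy.php. `$order` is also interpolated into this query and is assigned outside the hunk, so it should be confirmed there that it can only be ASC or DESC. The function body starts and ends outside the hunk.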
@@ -952,7 +952,7 @@ function get_term_by( $field, $value, $taxonomy = '', $output = OBJECT, $filter
 return $term;
 }
- $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s $tax_clause LIMIT 1", $value ) );
+ $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s", $value ) . " $tax_clause LIMIT 1" );
 if ( ! $term ) return false;
@@ -1357,7 +1357,7 @@ function get_terms( $args = array(), $deprecated = '' ) {
 $where_conditions = array();
 if ( $taxonomies ) {
- $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
+ $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')";
 }
 $exclude = $args['exclude'];
@@ -2544,7 +2544,7 @@ function wp_get_object_terms($object_ids, $taxonomies, $args = array()) {
 $taxonomy_array = $taxonomies;
 $object_id_array = $object_ids;
- $taxonomies = "'" . implode("', '", $taxonomies) . "'";
+ $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'";
 $object_ids = implode(', ', $object_ids);
 $select_this = '';
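Review bot: In the get_term_by hunk, `$tax_clause` is now concatenated after `$wpdb->prepare()` has returned, so this line applies no escaping to it and its safety rests entirely on how it is built above the hunk, which is not visible here. Presumably it is itself the output of a `prepare()` call and was moved out so that a `%` in the taxonomy name is not read as a placeholder a second time; a comment should say so, e.g. `// $tax_clause is already prepared above; appended afterwards so it is not parsed as a format string again.` `$_field` is still interpolated into the format string and is also assigned outside the hunk, so it should be confirmed that it can only take values from a fixed set of column names. get_term_by's body starts and ends outside the hunk.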