From b4d97cc8a76ddd1daf6dffb70907f292342f5dd4 Mon Sep 17 00:00:00 2001 From: Nikolay Bachiyski Date: Wed, 30 Mar 2016 17:13:28 +0000 Subject: [PATCH] Taxonomies: make sure taxonomy functions work correctly with taxonomy names with special characters The codex says that taxonomy names "should only contain lowercase letters and the underscore character", but that's not enforced. It's too late to enforce it, since some plugins haven't been following it and the official phpdoc doesn't mention this restriction. Built from https://develop.svn.wordpress.org/trunk@37133 git-svn-id: http://core.svn.wordpress.org/trunk@37100 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/taxonomy.php | 12 ++++++------ wp-includes/version.php | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index 8fad3d99c1..9323bd9a07 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php @@ -162,9 +162,9 @@ function get_taxonomies( $args = array(), $output = 'names', $operator = 'and' ) * Example: * * $taxonomies = get_object_taxonomies( 'post' ); - * + * * This results in: - * + * * Array( 'category', 'post_tag' ) * * @since 2.3.0 @@ -747,7 +747,7 @@ function get_objects_in_term( $term_ids, $taxonomies, $args = array() ) { $term_ids = array_map('intval', $term_ids ); - $taxonomies = "'" . implode( "', '", $taxonomies ) . "'"; + $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; $term_ids = "'" . implode( "', '", $term_ids ) . "'"; $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($term_ids) ORDER BY tr.object_id $order"); 
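Review bot: The same quote-and-join expression is now escaped by hand at three call sites (here in get_objects_in_term, and again in the get_terms and wp_get_object_terms hunks), so the next place that builds a `tt.taxonomy IN (...)` list can easily miss the escape. A small private helper that returns the quoted, escaped list would keep the rule in one place. Short of that, a comment above each line such as `// Taxonomy names are not restricted to [a-z_]; escape each one before quoting it.` would record why the call is there. `esc_sql()` also accepts an array, so `esc_sql( $taxonomies )` is equivalent to the `array_map()` form. The body of get_objects_in_term starts and ends outside the hunk.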
@@ -952,7 +952,7 @@ function get_term_by( $field, $value, $taxonomy = '', $output = OBJECT, $filter return $term; } - $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s $tax_clause LIMIT 1", $value ) ); + $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s", $value ) . " $tax_clause LIMIT 1" ); if ( ! $term ) return false; @@ -1357,7 +1357,7 @@ function get_terms( $args = array(), $deprecated = '' ) { $where_conditions = array(); if ( $taxonomies ) { - $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')"; + $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')"; } $exclude = $args['exclude']; @@ -2544,7 +2544,7 @@ function wp_get_object_terms($object_ids, $taxonomies, $args = array()) { $taxonomy_array = $taxonomies; $object_id_array = $object_ids; - $taxonomies = "'" . implode("', '", $taxonomies) . "'"; + $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; $object_ids = implode(', ', $object_ids); $select_this = ''; diff --git a/wp-includes/version.php b/wp-includes/version.php index 193ea0baaa..262217baa8 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-RC1-37124'; +$wp_version = '4.5-RC1-37133'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
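Review bot: In the get_term_by hunk `$tax_clause` is now appended after `$wpdb->prepare()` returns, so nothing on this line escapes it and the query is only as safe as the code that builds the clause, which is outside the hunk. The move is presumably deliberate, since a `%` in a taxonomy name would be parsed as a placeholder if the clause stayed inside the format string, but the line does not say so. I would add `// $tax_clause is already prepared; keep it out of the format string so a '%' in a taxonomy name is not read as a placeholder.` above it, after confirming that the clause really is built with prepare(). `$_field` is still interpolated into the format string and is also assigned outside the hunk, so it is worth checking that it can only take fixed column names.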