From 6912d6fe64bc85e55997dd9f1bf13e91f3149f38 Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Mon, 12 Oct 2015 15:13:24 +0000
Subject: [PATCH] Be stricter about sanitizing values coming out of `WP_Term`.
Data passed into `get_instance()` should be run through `sanitize_term()` before being used.
See #34262.
Built from https://develop.svn.wordpress.org/trunk@35031
git-svn-id: http://core.svn.wordpress.org/trunk@34996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-term.php | 10 ++++------
 wp-includes/version.php | 2 +-
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/wp-includes/class-wp-term.php b/wp-includes/class-wp-term.php
index 7c17130120..f170dcf3b5 100644
--- a/wp-includes/class-wp-term.php
+++ b/wp-includes/class-wp-term.php
@@ -139,7 +139,10 @@ final class WP_Term {
 wp_cache_add( $term_id, $_term, 'terms' );
 }
- return new WP_Term( $_term );
+ $term_obj = new WP_Term( $_term );
+ $term_obj->filter( $term_obj->filter );
+
+ return $term_obj;
 }
 /**
@@ -165,11 +168,6 @@ final class WP_Term {
 * @param string $filter Filter context. Accepts 'edit', 'db', 'display', 'attribute', 'js', 'raw'.
 */
 public function filter( $filter ) {
- // Term has already been filtered - nothing more to do.
- if ( isset( $this->filter ) && $this->filter === $filter ) {
- return;
- }
-
 sanitize_term( $this, $this->taxonomy, $filter );
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 0562d9c914..bddd3ce602 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-35030';
+$wp_version = '4.4-alpha-35031';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
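Review bot: The added `$term_obj->filter( $term_obj->filter );` in `get_instance()` takes the sanitization context from the object that was just built out of `$_term`, so the data being sanitized also selects how it is sanitized. The hunk does not show where that property gets its initial value; if a cached or caller-supplied `$_term` can carry it in, passing a fixed context here may be safer. Either way the call deserves a comment, for example `// Always run sanitize_term() so values from the cache or the DB row are never returned unsanitized.`, and the line reads oddly because the method and the property share the name `filter`. `get_instance()` begins above the hunk, so the lookup that produces `$_term` is not visible here.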
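Review bot: With the early return removed, `filter()` calls `sanitize_term()` on every invocation, so a term that is already in the requested context is sanitized a second time. That is only safe if `sanitize_term()` is idempotent for each context listed in the `@param` line, which the hunk does not show; repeated escaping in the 'edit' or 'display' contexts is the case worth confirming. The docblock should state the new contract, for example `Always re-runs sanitize_term(), even if the term is already in the requested context.`. The method never assigns `$this->filter` itself, so it presumably relies on `sanitize_term()` to record the new context on the object, and a one-line comment saying so would help. The docblock starts above the hunk.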