Skip to content

Taxonomy: Check for empty term after DB sanitization in wp_insert_term #5722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
fgiannar wants to merge 6 commits into from
Closed

Taxonomy: Check for empty term after DB sanitization in wp_insert_term #5722

fgiannar wants to merge 6 commits into from

Conversation

@fgiannar
Copy link

@fgiannar fgiannar commented Dec 1, 2023

When inserting a new term in the database, wp_insert_term will check if the term is empty and return a corresponding error.
Afterwards the term is sanitized and inserted in the database. However, there's a chance the term is empty after the DB sanitization.
This is never checked though and will result in 1) empty terms in the DB and 2) possible OOM issues in wp_insert_term when checking if the term name matches an existing one because of using get_terms with an empty name argument

The current PR:

  • Adds a check for empty term name after the term is sanitized and returns an error if the term is empty.
  • Adds a corresponding unit test

Trac ticket: https://core.trac.wordpress.org/ticket/59995

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@github-actions
Copy link

github-actions bot commented Dec 1, 2023

Hi @fgiannar! 👋

Thank you for your contribution to WordPress! 💖

It looks like this is your first pull request to wordpress-develop. Here are a few things to be aware of that may help you out!

No one monitors this repository for new pull requests. Pull requests must be attached to a Trac ticket to be considered for inclusion in WordPress Core. To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description.

Pull requests are never merged on GitHub. The WordPress codebase continues to be managed through the SVN repository that this GitHub repository mirrors. Please feel free to open pull requests to work on any contribution you are making.

More information about how GitHub pull requests can be used to contribute to WordPress can be found in this blog post.

Please include automated tests. Including tests in your pull request is one way to help your patch be considered faster. To learn about WordPress' test suites, visit the Automated Testing page in the handbook.

If you have not had a chance, please review the Contribute with Code page in the WordPress Core Handbook.

The Developer Hub also documents the various coding standards that are followed:

Thank you,
The WordPress Project

fgiannar
fgiannar commented Dec 1, 2023
View reviewed changes
Copy link
Author

@fgiannar fgiannar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo

fgiannar
fgiannar commented Dec 1, 2023
View reviewed changes
fgiannar
fgiannar commented Dec 1, 2023
View reviewed changes
kraftbj
kraftbj reviewed Dec 1, 2023
View reviewed changes
kraftbj
kraftbj approved these changes Dec 1, 2023
View reviewed changes
Copy link

@kraftbj kraftbj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This tests well for me with a dirty term name. Hotfixing in a production environment also resulted in expected change without any known regressions at this time. Unit test appears sufficient along side existing tests checking valid term names.

fgiannar
fgiannar commented Dec 4, 2023
View reviewed changes
@SergeyBiryukov
Copy link
Member

SergeyBiryukov commented Jan 8, 2024

Thanks for the PR! Merged in r57251.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kraftbj kraftbj kraftbj approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fgiannar @SergeyBiryukov @kraftbj