get_terms : name_like query parameter not escaped

  • Hi !

    I’ve had a problem querying a term from a custom taxonomy using get_terms() :

    $query_term = array(    'parent'        => $last_id,
                        'name__like'    => $term_name
);
$cat_term_obj = get_terms($tax, $query_term);

    $cat_term_obj contains the right object *except* when the queried term name contains an “&” character.

    It seems ‘name__like’ is not escaped by get_terms before querying the database (the term is inserted by wp_insert_term which escapes all fields).

    So I used the following trick to resolve the issue:

    $query_term = array(    'parent'        => $last_id,
                        'name__like'    => esc_attr($term_name)
);
$cat_term_obj = get_terms($tax, $query_term);

    Don’t know if this is a bug or a “by design” situation so I share it with you.

    Looic.

  • The topic ‘get_terms : name_like query parameter not escaped’ is closed to new replies.