From fc4b17a5d2793f80bb6ce623aa428f47d05e255d Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Mon, 3 Nov 2014 14:25:44 +0000
Subject: [PATCH] In `in_object_in_term()`, only check numeric string values against term_id.

The previous `in_array()` check was playing too loose with mixed types, such that a string like '10_term_name' would incorrectly match a term_id 10.

Props nobinobi, realloc.
Fixes #29467.

Built from https://develop.svn.wordpress.org/trunk@30205

git-svn-id: http://core.svn.wordpress.org/trunk@30205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/taxonomy.php | 17 +++++++++++++----
 wp-includes/version.php | 2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index b1da6f109f..65ab7ba0d7 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -4262,11 +4262,20 @@ function is_object_in_term( $object_id, $taxonomy, $terms = null ) {
 $strs =& $terms;
 foreach ( $object_terms as $object_term ) {
- if ( $ints && in_array( $object_term->term_id, $ints ) ) return true; // If int, check against term_id
+ // If term is an int, check against term_ids only.
+ if ( $ints && in_array( $object_term->term_id, $ints ) ) {
+ return true;
+ }
+
 if ( $strs ) {
- if ( in_array( $object_term->term_id, $strs ) ) return true;
- if ( in_array( $object_term->name, $strs ) ) return true;
- if ( in_array( $object_term->slug, $strs ) ) return true;
+ // Only check numeric strings against term_id, to avoid false matches due to type juggling.
+ $numeric_strs = array_map( 'intval', array_filter( $strs, 'is_numeric' ) );
+ if ( in_array( $object_term->term_id, $numeric_strs, true ) ) {
+ return true;
+ }
+
+ if ( in_array( $object_term->name, $strs ) ) return true;
+ if ( in_array( $object_term->slug, $strs ) ) return true;
 }
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 2881baa92c..04c268b828 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
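Review bot: `is_numeric` still lets non-integer numeric strings through in the `$strs` branch of the taxonomy.php hunk: a value such as '10.5' passes the filter and `intval` turns it into 10, so it matches term_id 10 in the same way '10_term_name' did before. A digits-only test would close that, for example filtering on `preg_match( '/^[0-9]+$/', $str )` instead of `is_numeric`. `$numeric_strs` does not depend on `$object_term`, so it can be built once above the `foreach` rather than on every iteration. The strict `in_array( ..., true )` also relies on `$object_term->term_id` already being an int, which is set outside this hunk and is worth confirming. The body of `is_object_in_term()` starts and ends outside the hunk.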
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.1-alpha-30204';
+$wp_version = '4.1-alpha-30205';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.