Improve sanitization of 'name' param in `get_terms()`.

Values of 'name' that contain db-encoded character on insert - like an
ampersand, which is HTML-encoded in the database - will only match if they go
through the same `sanitize_term_field()` routine.

Fixes #32248.

git-svn-id: https://develop.svn.wordpress.org/trunk@32353 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/taxonomy.php

@@ -1857,13 +1857,12 @@ function get_terms( $taxonomies, $args = '' ) {
 	}
 
 	if ( ! empty( $args['name'] ) ) {
-		if ( is_array( $args['name'] ) ) {
-			$name = array_map( 'sanitize_text_field', $args['name'] );
-			$where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $name ) ) . "')";
-		} else {
-			$name = sanitize_text_field( $args['name'] );
-			$where .= $wpdb->prepare( " AND t.name = %s", $name );
+		$names = (array) $args['name'];
+		foreach ( $names as &$_name ) {
+			$_name = sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' );
 		}
+
+		$where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')";
 	}
 
 	if ( ! empty( $args['slug'] ) ) {

tests/phpunit/tests/term/getTerms.php

@@ -540,6 +540,34 @@ class Tests_Term_getTerms extends WP_UnitTestCase {
 		$this->assertEqualSets( array( $t3, $t1 ), $found );
 	}
 
+	/**
+	 * @ticket 32248
+	 */
+	public function test_name_should_match_encoded_html_entities() {
+		register_taxonomy( 'wptests_tax', 'post' );
+
+		$t = $this->factory->term->create( array(
+			'taxonomy' => 'wptests_tax',
+			'name' => 'Foo & Bar',
+			'slug' => 'foo-and-bar',
+		) );
+
+		$found = get_terms( 'wptests_tax', array(
+			'hide_empty' => false,
+			'fields' => 'ids',
+			'name' => 'Foo & Bar',
+		) );
+		$this->assertEqualSets( array( $t ), $found );
+
+		// array format.
+		$found = get_terms( 'wptests_tax', array(
+			'hide_empty' => false,
+			'fields' => 'ids',
+			'name' => array( 'Foo & Bar' ),
+		) );
+		$this->assertEqualSets( array( $t ), $found );
+	}
+
 	/**
 	 * @ticket 29839
 	 */