Don't double-escape terms payload in WP_Tax_Query::transform_query().

`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.

Props bcworkz.
Fixes #39315.

git-svn-id: https://develop.svn.wordpress.org/trunk@39662 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/class-wp-tax-query.php

@@ -623,7 +623,12 @@ class WP_Tax_Query {
 					 * matter because `sanitize_term_field()` ignores the $term_id param when the
 					 * context is 'db'.
 					 */
-					$term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'";
+					$clean_term = sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' );
+
+					// Match sanitization in wp_insert_term().
+					$clean_term = wp_unslash( $clean_term );
+
+					$term = "'" . esc_sql( $clean_term ) . "'";
 				}
 
 				$terms = implode( ",", $query['terms'] );

tests/phpunit/tests/query/taxQuery.php

@@ -1380,4 +1380,33 @@ class Tests_Query_TaxQuery extends WP_UnitTestCase {
 
 		_unregister_taxonomy( 'foo' );
 	}
+
+	/**
+	 * @ticket 39315
+	 */
+	public function test_tax_terms_should_not_be_double_escaped() {
+		$name = "Don't worry be happy";
+
+		register_taxonomy( 'wptests_tax', 'post' );
+		$t = self::factory()->term->create( array(
+			'taxonomy' => 'wptests_tax',
+			'name' => $name,
+		) );
+
+		$p = self::factory()->post->create();
+		wp_set_object_terms( $p, array( $t ), 'wptests_tax' );
+
+		$q = new WP_Query( array(
+			'fields' => 'ids',
+			'tax_query' => array(
+				array(
+					'taxonomy' => 'wptests_tax',
+					'field' => 'name',
+					'terms' => $name,
+				),
+			),
+		) );
+
+		$this->assertEqualSets( array( $p ), $q->posts );
+	}
 }