From f744ee189eb337c3dd0a01adb11506575c1562d8 Mon Sep 17 00:00:00 2001
From: Boone Gorges <boonebgorges@git.wordpress.org>
Date: Mon, 3 Nov 2014 14:24:23 +0000
Subject: [PATCH] In `in_object_in_term()`, only check numeric string values
 against term_id.

The previous `in_array()` check was playing too loose with mixed types, such
that a string like '10_term_name' would incorrectly match a term_id 10.

Props nobinobi, realloc.
Fixes #29467.

git-svn-id: https://develop.svn.wordpress.org/trunk@30205 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/taxonomy.php                | 17 +++++++++++++----
 tests/phpunit/tests/term/isObjectInTerm.php | 19 +++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/taxonomy.php b/src/wp-includes/taxonomy.php
index b1da6f109f..65ab7ba0d7 100644
--- a/src/wp-includes/taxonomy.php
+++ b/src/wp-includes/taxonomy.php
@@ -4262,11 +4262,20 @@ function is_object_in_term( $object_id, $taxonomy, $terms = null ) {
 		$strs =& $terms;
 
 	foreach ( $object_terms as $object_term ) {
-		if ( $ints && in_array( $object_term->term_id, $ints ) ) return true; // If int, check against term_id
+		// If term is an int, check against term_ids only.
+		if ( $ints && in_array( $object_term->term_id, $ints ) ) {
+			return true;
+		}
+
 		if ( $strs ) {
-			if ( in_array( $object_term->term_id, $strs ) ) return true;
-			if ( in_array( $object_term->name, $strs ) )    return true;
-			if ( in_array( $object_term->slug, $strs ) )    return true;
+			// Only check numeric strings against term_id, to avoid false matches due to type juggling.
+			$numeric_strs = array_map( 'intval', array_filter( $strs, 'is_numeric' ) );
+			if ( in_array( $object_term->term_id, $numeric_strs, true ) ) {
+				return true;
+			}
+
+			if ( in_array( $object_term->name, $strs ) ) return true;
+			if ( in_array( $object_term->slug, $strs ) ) return true;
 		}
 	}
 
diff --git a/tests/phpunit/tests/term/isObjectInTerm.php b/tests/phpunit/tests/term/isObjectInTerm.php
index 26513ea3ea..d6e2940066 100644
--- a/tests/phpunit/tests/term/isObjectInTerm.php
+++ b/tests/phpunit/tests/term/isObjectInTerm.php
@@ -81,4 +81,23 @@ class Tests_IsObjectInTerm extends WP_UnitTestCase {
 
 		_unregister_taxonomy( 'wptests_tax', 'post' );
 	}
+
+	/**
+	 * @ticket 29467
+	 */
+	public function test_should_not_return_true_if_term_name_begins_with_existing_term_id() {
+		register_taxonomy( 'wptests_tax', 'post' );
+		$t = $this->factory->term->create( array( 'taxonomy' => 'wptests_tax' ) );
+
+		$post_ID  = $this->factory->post->create();
+		wp_set_object_terms( $post_ID, $t, 'wptests_tax' );
+
+		$int_tax_name = $t . '_term_name';
+
+		$this->assertFalse( is_object_in_term( $post_ID, 'wptests_tax', $int_tax_name ) );
+
+		// Verify it works properly when the post is actually in the term.
+		wp_set_object_terms( $post_ID, array( $int_tax_name ), 'wptests_tax' );
+		$this->assertTrue( is_object_in_term( $post_ID, 'wptests_tax', $int_tax_name ) );
+	}
 }