50568 improve wp term's sanitization calls

src/wp-includes/category.php

@@ -249,34 +249,6 @@ function cat_is_ancestor_of( $cat1, $cat2 ) {
 	return term_is_ancestor_of( $cat1, $cat2, 'category' );
 }
 
-/**
- * Sanitizes category data based on context.
- *
- * @since 2.3.0
- *
- * @param object|array $category Category data.
- * @param string       $context  Optional. Default 'display'.
- * @return object|array Same type as $category with sanitized data for safe use.
- */
-function sanitize_category( $category, $context = 'display' ) {
-	return sanitize_term( $category, 'category', $context );
-}
-
-/**
- * Sanitizes data in single category key field.
- *
- * @since 2.3.0
- *
- * @param string $field   Category key to sanitize.
- * @param mixed  $value   Category value to sanitize.
- * @param int    $cat_id  Category ID.
- * @param string $context What filter to use, 'raw', 'display', etc.
- * @return mixed Value after $value has been sanitized.
- */
-function sanitize_category_field( $field, $value, $cat_id, $context ) {
-	return sanitize_term_field( $field, $value, $cat_id, 'category', $context );
-}
-
 /* Tags */
 
 /**

src/wp-includes/class-wp-term.php

@@ -181,10 +181,7 @@ public static function get_instance( $term_id, $taxonomy = null ) {
 			}
 		}
 
-		$term_obj = new WP_Term( $_term );
-		$term_obj->filter( $term_obj->filter );
-
-		return $term_obj;
+		return new WP_Term( $_term );
 	}
 
 	/**
@@ -208,7 +205,16 @@ public function __construct( $term ) {
 	 * @param string $filter Filter context. Accepts 'edit', 'db', 'display', 'attribute', 'js', 'rss', or 'raw'.
 	 */
 	public function filter( $filter ) {
-		sanitize_term( $this, $this->taxonomy, $filter );
+		if ( $this->filter === $filter ) {
+
+			return $this;
+		}
+		if ( 'raw' === $filter ) {
+
+			return self::get_instance( $this->term_id );
+		}
+
+		return sanitize_term( $this, $this->taxonomy, $filter );
 	}
 
 	/**

src/wp-includes/deprecated.php

@@ -5891,9 +5891,10 @@ function _wp_theme_json_webfonts_handler() {
 function print_embed_styles() {
 	_deprecated_function( __FUNCTION__, '6.4.0', 'wp_enqueue_embed_styles' );
 
-	$suffix = SCRIPT_DEBUG ? '' : '.min';
+	$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
+	$suffix    = SCRIPT_DEBUG ? '' : '.min';
 	?>
-	<style>
+	<style<?php echo $type_attr; ?>>
 		<?php echo file_get_contents( ABSPATH . WPINC . "/css/wp-embed-template$suffix.css" ); ?>
 	</style>
 	<?php
@@ -5915,8 +5916,9 @@ function print_emoji_styles() {
 
 	$printed = true;
 
+	$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
 	?>
-	<style>
+	<style<?php echo $type_attr; ?>>
 	img.wp-smiley,
 	img.emoji {
 		display: inline !important;
@@ -5941,8 +5943,9 @@ function print_emoji_styles() {
  */
 function wp_admin_bar_header() {
 	_deprecated_function( __FUNCTION__, '6.4.0', 'wp_enqueue_admin_bar_header_styles' );
+	$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
 	?>
-	<style media="print">#wpadminbar { display:none; }</style>
+	<style<?php echo $type_attr; ?> media="print">#wpadminbar { display:none; }</style>
 	<?php
 }
 
@@ -5954,8 +5957,9 @@ function wp_admin_bar_header() {
  */
 function _admin_bar_bump_cb() {
 	_deprecated_function( __FUNCTION__, '6.4.0', 'wp_enqueue_admin_bar_bump_styles' );
+	$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
 	?>
-	<style media="screen">
+	<style<?php echo $type_attr; ?> media="screen">
 	html { margin-top: 32px !important; }
 	@media screen and ( max-width: 782px ) {
 	  html { margin-top: 46px !important; }

src/wp-includes/taxonomy.php

@@ -986,9 +986,11 @@ function get_term( $term, $taxonomy = '', $output = OBJECT, $filter = 'raw' ) {
 	if ( $term instanceof WP_Term ) {
 		$_term = $term;
 	} elseif ( is_object( $term ) ) {
-		if ( empty( $term->filter ) || 'raw' === $term->filter ) {
+		if ( empty( $term->filter ) ) {
 			$_term = sanitize_term( $term, $taxonomy, 'raw' );
 			$_term = new WP_Term( $_term );
+		} elseif ( 'raw' === $term->filter ) {
+			$_term = new WP_Term( $term );
 		} else {
 			$_term = WP_Term::get_instance( $term->term_id );
 		}
@@ -1714,32 +1716,42 @@ function term_is_ancestor_of( $term1, $term2, $taxonomy ) {
  * @param array|object $term     The term to check.
  * @param string       $taxonomy The taxonomy name to use.
  * @param string       $context  Optional. Context in which to sanitize the term.
- *                               Accepts 'raw', 'edit', 'db', 'display', 'rss',
+ *                               Accepts 'edit', 'db', 'display', 'rss',
  *                               'attribute', or 'js'. Default 'display'.
  * @return array|object Term with all fields sanitized.
  */
 function sanitize_term( $term, $taxonomy, $context = 'display' ) {
 	$fields = array( 'term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group', 'term_taxonomy_id', 'object_id' );
 
-	$do_object = is_object( $term );
-
-	$term_id = $do_object ? $term->term_id : ( $term['term_id'] ?? 0 );
-
-	foreach ( (array) $fields as $field ) {
-		if ( $do_object ) {
+	if ( is_object( $term ) ) {
+		// Check if term already filtered for this context.
+		if ( isset( $term->filter ) && $context === $term->filter ) {
+			return $term;
+		}
+		if ( ! isset( $term->term_id ) ) {
+			$term->term_id = 0;
+		}
+		foreach ( (array) $fields as $field ) {
 			if ( isset( $term->$field ) ) {
-				$term->$field = sanitize_term_field( $field, $term->$field, $term_id, $taxonomy, $context );
+
+				$term->$field = sanitize_term_field( $field, $term->$field, $term->term_id, $taxonomy, $context );
 			}
-		} else {
+		}
+		$term->filter = $context;
+	} elseif ( is_array( $term ) ) {
+		// Check if term already filtered for this context.
+		if ( isset( $term['filter'] ) && $context === $term['filter'] ) {
+			return $term;
+		}
+		if ( ! isset( $term['term_id'] ) ) {
+			$term['term_id'] = 0;
+		}
+		foreach ( (array) $fields as $field ) {
 			if ( isset( $term[ $field ] ) ) {
-				$term[ $field ] = sanitize_term_field( $field, $term[ $field ], $term_id, $taxonomy, $context );
+				$term[ $field ] = sanitize_term_field( $field, $term[ $field ], $term['term_id'], $taxonomy, $context );
 			}
 		}
-	}
 
-	if ( $do_object ) {
-		$term->filter = $context;
-	} else {
 		$term['filter'] = $context;
 	}
 
@@ -1815,6 +1827,10 @@ function sanitize_term_field( $field, $value, $term_id, $taxonomy, $context ) {
 
 		if ( 'description' === $field ) {
 			$value = esc_html( $value ); // textarea_escaped
+		} elseif ( 'slug' === $field ) {
+			$value = sanitize_title( $value );
+		} elseif ( in_array( $field, $int_fields, true ) ) {
+			$value = (int) $value;
 		} else {
 			$value = esc_attr( $value );
 		}
@@ -1882,6 +1898,10 @@ function sanitize_term_field( $field, $value, $term_id, $taxonomy, $context ) {
 		 * @param mixed $value Value of the taxonomy field.
 		 */
 		$value = apply_filters( "{$taxonomy}_{$field}_rss", $value );
+
+		if ( 'slug' === $field ) {
+			$value = sanitize_title( $value );
+		}
 	} else {
 		// Use display filters by default.
 
@@ -1912,6 +1932,10 @@ function sanitize_term_field( $field, $value, $term_id, $taxonomy, $context ) {
 		 * @param string $context Context to retrieve the taxonomy field value.
 		 */
 		$value = apply_filters( "{$taxonomy}_{$field}", $value, $term_id, $context );
+
+		if ( 'slug' === $field ) {
+			$value = sanitize_title( $value );
+		}
 	}
 
 	if ( 'attribute' === $context ) {
@@ -1922,7 +1946,7 @@ function sanitize_term_field( $field, $value, $term_id, $taxonomy, $context ) {
 
 	// Restore the type for integer fields after esc_attr().
 	if ( in_array( $field, $int_fields, true ) ) {
-		$value = (int) $value;
+		$value = absint( $value );
 	}
 
 	return $value;