Taxonomy: Ensure _pad_term_counts() handles post types safely.This commit updates _pad_term_counts() to use $wpdb->prepare() for all database queries, improving security and consistency. Additionally, it introduces a filter using post_type_exists() to ensure that only registered post types are queried, aligning the behavior with _update_post_term_count().Includes comprehensive unit tests to verify the logic and prevent regressions.Fixes #65055.See #11542.

Author: liaisontw

src/wp-includes/taxonomy.php

@@ -4065,8 +4065,20 @@ function _pad_term_counts( &$terms, $taxonomy ) {
 
 	// Get the object and term IDs and stick them in a lookup table.
 	$tax_obj      = get_taxonomy( $taxonomy );
-	$object_types = esc_sql( $tax_obj->object_type );
-	$results      = $wpdb->get_results( "SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (" . implode( ',', array_keys( $term_ids ) ) . ") AND post_type IN ('" . implode( "', '", $object_types ) . "') AND post_status = 'publish'" );
+	$object_types = (array) $tax_obj->object_type;
+
+	//Filter invalid post types for consistency with _update_post_term_count().
+	$object_types = array_filter( $object_types, 'post_type_exists' );
+	if ( empty( $object_types ) ) {
+		return;
+	}
+
+	$results = $wpdb->get_results(
+		$wpdb->prepare(
+			"SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (" . implode( ',', array_fill( 0, count( $term_ids ), '%d' ) ) . ') AND post_type IN (' . implode( ',', array_fill( 0, count( $object_types ), '%s' ) ) . ") AND post_status = 'publish'",
+			array_merge( array_keys( $term_ids ), $object_types )
+		)
+	);
 
 	foreach ( $results as $row ) {
 		$id = $term_ids[ $row->term_taxonomy_id ];

tests/phpunit/tests/taxonomy.php

@@ -16,7 +16,12 @@ public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
 		self::$editor_id = $factory->user->create( array( 'role' => 'editor' ) );
 	}
 
-	public function test_get_post_taxonomies() {
+	/*************  ✨ Windsurf Command ⭐  *************/
+	/**
+	 * Tests that get_object_taxonomies returns all taxonomies associated with the 'post' object type.
+	 * @since 2.5.0
+	 */
+	/*******  47033ee7-498b-4bba-8cf1-3758976c8603  *******/    public function test_get_post_taxonomies() {
 		$this->assertSame( array( 'category', 'post_tag', 'post_format' ), get_object_taxonomies( 'post' ) );
 	}
 
@@ -1124,4 +1129,66 @@ public function test_default_term_for_post_in_multiple_taxonomies() {
 		$this->assertContains( $tax1, $taxonomies );
 		$this->assertContains( $tax2, $taxonomies );
 	}
+
+	/**
+	 * @ticket 65055
+	 * Filter invalid post types before SQL query
+	 */
+	public function test_pad_term_counts_with_invalid_post_types() {
+		register_taxonomy( 'invalid_tax', array( 'non_existent_type' ), array( 'hierarchical' => true ) );
+
+		$parent = self::factory()->term->create( array( 'taxonomy' => 'invalid_tax' ) );
+		self::factory()->term->create(
+			array(
+				'taxonomy' => 'invalid_tax', // 確保跟父節點是同一個 Taxonomy
+				'parent'   => $parent,
+			)
+		);
+
+		_get_term_hierarchy( 'invalid_tax' );
+
+		$terms = get_terms(
+			array(
+				'taxonomy'   => 'invalid_tax',
+				'hide_empty' => false,
+			)
+		);
+
+		_pad_term_counts( $terms, 'invalid_tax' );
+
+		$this->assertEquals( 0, $terms[0]->count );
+	}
+
+	/**
+	 * @ticket 65055
+	 */
+	public function test_pad_term_counts_with_standard_post_types() {
+		register_post_type( 'book' );
+		register_taxonomy( 'genre', array( 'book' ), array( 'hierarchical' => true ) ); // 確保階層屬性開啟
+
+		$parent = self::factory()->term->create( array( 'taxonomy' => 'genre' ) );
+		$child  = self::factory()->term->create(
+			array(
+				'taxonomy' => 'genre',
+				'parent'   => $parent,
+			)
+		);
+
+		_get_term_hierarchy( 'genre' );
+
+		$post_id = self::factory()->post->create( array( 'post_type' => 'book' ) );
+		wp_set_object_terms( $post_id, $child, 'genre' );
+
+		$terms = get_terms(
+			array(
+				'taxonomy'   => 'genre',
+				'hide_empty' => false,
+			)
+		);
+
+		_pad_term_counts( $terms, 'genre' );
+
+		$parent_term = wp_list_filter( $terms, array( 'term_id' => $parent ) );
+		$this->assertEquals( 1, current( $parent_term )->count, 'Parent terms should include post counts from their child terms' );
+	}
 }