[Block Library - Query Loop]: Fix some missing term sanitizations (#3…

…9970) * [Block Library - Query Loop]: Fix use the sanitized term ids * sanitize terms and check if taxonomies are eligible to be shown * ensure the data is safe closer to the point it used
WordPress · Apr 4, 2022 · dd377a5 · dd377a5
1 parent e48f668
commit dd377a5
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/lib/compat/wordpress-6.0/blocks.php b/lib/compat/wordpress-6.0/blocks.php
@@ -79,14 +79,14 @@ function gutenberg_build_query_vars_from_query_block( $block, $page ) {
 			if ( ! empty( $block->context['query']['categoryIds'] ) ) {
 				$tax_query[] = array(
 					'taxonomy'         => 'category',
-					'terms'            => $block->context['query']['categoryIds'],
+					'terms'            => array_filter( array_map( 'intval', $block->context['query']['categoryIds'] ) ),
 					'include_children' => false,
 				);
 			}
 			if ( ! empty( $block->context['query']['tagIds'] ) ) {
 				$tax_query[] = array(
 					'taxonomy'         => 'post_tag',
-					'terms'            => $block->context['query']['tagIds'],
+					'terms'            => array_filter( array_map( 'intval', $block->context['query']['tagIds'] ) ),
 					'include_children' => false,
 				);
 			}
@@ -95,13 +95,10 @@ function gutenberg_build_query_vars_from_query_block( $block, $page ) {
 		if ( ! empty( $block->context['query']['taxQuery'] ) ) {
 			$query['tax_query'] = array();
 			foreach ( $block->context['query']['taxQuery'] as $taxonomy => $terms ) {
-				if ( ! empty( $terms ) ) {
-					$term_ids = array_map( 'intval', $terms );
-					$term_ids = array_filter( $term_ids );
-
+				if ( is_taxonomy_viewable( $taxonomy ) && ! empty( $terms ) ) {
 					$query['tax_query'][] = array(
 						'taxonomy'         => $taxonomy,
-						'terms'            => $terms,
+						'terms'            => array_filter( array_map( 'intval', $terms ) ),
 						'include_children' => false,
 					);
 				}