Commit 11a3a91511 for wordpress.org
commit 11a3a9151177998046762054ad4f141f34706e11
Author: John Blackbourn <johnbillion@git.wordpress.org>
Date: Sat Aug 13 22:31:11 2022 +0000
Query: Be better at forcing data types for query vars.
Several query vars only accept a scalar value and pass the value through functions that assume a scalar value. Adding extra guard conditions to the types of query vars doesn't affect their functionality but does remove PHP notices and warnings that can otherwise be generated when a non-scalar value such as an array is present in a query var.
Props juliobox, xknown, SergeyBiryukov, dave1010, nacin, tellyworth, dd32, audrasjb, johnregan3
Fixes #17737
Built from https://develop.svn.wordpress.org/trunk@53891
git-svn-id: http://core.svn.wordpress.org/trunk@53450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
diff --git a/wp-includes/class-wp-query.php b/wp-includes/class-wp-query.php
index cc1bff5320..3762802a72 100644
--- a/wp-includes/class-wp-query.php
+++ b/wp-includes/class-wp-query.php
@@ -792,29 +792,41 @@ class WP_Query {
$qv['p'] = (int) $qv['p'];
}
- $qv['page_id'] = absint( $qv['page_id'] );
- $qv['year'] = absint( $qv['year'] );
- $qv['monthnum'] = absint( $qv['monthnum'] );
- $qv['day'] = absint( $qv['day'] );
- $qv['w'] = absint( $qv['w'] );
+ $qv['page_id'] = is_scalar( $qv['page_id'] ) ? absint( $qv['page_id'] ) : 0;
+ $qv['year'] = is_scalar( $qv['year'] ) ? absint( $qv['year'] ) : 0;
+ $qv['monthnum'] = is_scalar( $qv['monthnum'] ) ? absint( $qv['monthnum'] ) : 0;
+ $qv['day'] = is_scalar( $qv['day'] ) ? absint( $qv['day'] ) : 0;
+ $qv['w'] = is_scalar( $qv['w'] ) ? absint( $qv['w'] ) : 0;
$qv['m'] = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : '';
- $qv['paged'] = absint( $qv['paged'] );
- $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Comma-separated list of positive or negative integers.
- $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // Comma-separated list of positive or negative integers.
- $qv['pagename'] = trim( $qv['pagename'] );
- $qv['name'] = trim( $qv['name'] );
- $qv['title'] = trim( $qv['title'] );
- if ( '' !== $qv['hour'] ) {
+ $qv['paged'] = is_scalar( $qv['paged'] ) ? absint( $qv['paged'] ) : 0;
+ $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Array or comma-separated list of positive or negative integers.
+ $qv['author'] = is_scalar( $qv['author'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['author'] ) : ''; // Comma-separated list of positive or negative integers.
+ $qv['pagename'] = is_scalar( $qv['pagename'] ) ? trim( $qv['pagename'] ) : '';
+ $qv['name'] = is_scalar( $qv['name'] ) ? trim( $qv['name'] ) : '';
+ $qv['title'] = is_scalar( $qv['title'] ) ? trim( $qv['title'] ) : '';
+
+ if ( is_scalar( $qv['hour'] ) && '' !== $qv['hour'] ) {
$qv['hour'] = absint( $qv['hour'] );
+ } else {
+ $qv['hour'] = '';
}
- if ( '' !== $qv['minute'] ) {
+
+ if ( is_scalar( $qv['minute'] ) && '' !== $qv['minute'] ) {
$qv['minute'] = absint( $qv['minute'] );
+ } else {
+ $qv['minute'] = '';
}
- if ( '' !== $qv['second'] ) {
+
+ if ( is_scalar( $qv['second'] ) && '' !== $qv['second'] ) {
$qv['second'] = absint( $qv['second'] );
+ } else {
+ $qv['second'] = '';
}
- if ( '' !== $qv['menu_order'] ) {
+
+ if ( is_scalar( $qv['menu_order'] ) && '' !== $qv['menu_order'] ) {
$qv['menu_order'] = absint( $qv['menu_order'] );
+ } else {
+ $qv['menu_order'] = '';
}
// Fairly large, potentially too large, upper bound for search string lengths.
@@ -823,14 +835,14 @@ class WP_Query {
}
// Compat. Map subpost to attachment.
- if ( '' != $qv['subpost'] ) {
+ if ( is_scalar( $qv['subpost'] ) && '' != $qv['subpost'] ) {
$qv['attachment'] = $qv['subpost'];
}
- if ( '' != $qv['subpost_id'] ) {
+ if ( is_scalar( $qv['subpost_id'] ) && '' != $qv['subpost_id'] ) {
$qv['attachment_id'] = $qv['subpost_id'];
}
- $qv['attachment_id'] = absint( $qv['attachment_id'] );
+ $qv['attachment_id'] = is_scalar( $qv['attachment_id'] ) ? absint( $qv['attachment_id'] ) : 0;
if ( ( '' !== $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) {
$this->is_single = true;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c6b0a5a357..1d72ca15d6 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
-$wp_version = '6.1-alpha-53890';
+$wp_version = '6.1-alpha-53891';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.