From 00c39a3f98cc6358ad764940de85a6c8c42b176b Mon Sep 17 00:00:00 2001 From: Boone Gorges Date: Fri, 29 Apr 2016 13:14:18 +0000 Subject: [PATCH] Query: Discard non-scalar 'm' instead of attempting to sanitize. `WP_Query` discards most non-array date values ('year', 'monthnum', etc) by casting to integer. Since [25138], the 'm' parameter has been handled as a string; see #24884. However, the string-handling introduced in [25138] blindly attempted to handle arrays and other non-scalar types as strings, resulting in PHP notices and invalid MySQL syntax. Props vortfu. Fixes #36718. git-svn-id: https://develop.svn.wordpress.org/trunk@37324 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/query.php | 2 +- tests/phpunit/tests/query/date.php | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/query.php b/src/wp-includes/query.php index 12c532628f..bc205894c6 100644 --- a/src/wp-includes/query.php +++ b/src/wp-includes/query.php @@ -1593,7 +1593,7 @@ class WP_Query { $qv['monthnum'] = absint($qv['monthnum']); $qv['day'] = absint($qv['day']); $qv['w'] = absint($qv['w']); - $qv['m'] = preg_replace( '|[^0-9]|', '', $qv['m'] ); + $qv['m'] = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : ''; $qv['paged'] = absint($qv['paged']); $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // comma separated list of positive or negative integers diff --git a/tests/phpunit/tests/query/date.php b/tests/phpunit/tests/query/date.php index 9af9655bdc..ed5231b2c6 100644 --- a/tests/phpunit/tests/query/date.php +++ b/tests/phpunit/tests/query/date.php @@ -258,6 +258,18 @@ class Tests_Query_Date extends WP_UnitTestCase { $this->assertEquals( $expected_dates, wp_list_pluck( $posts, 'post_date' ) ); } + /** + * @ticket 36718 + */ + public function test_non_scalar_m_should_be_discarded() { + $expected = $this->_get_query_result( ); + $posts = $this->_get_query_result( array( + 'm' => array( '1234' ), // ignored + ) ); + + $this->assertEquals( $expected, $posts ); + } + public function test_simple_monthnum_expecting_results() { $posts = $this->_get_query_result( array( 'monthnum' => 5,