Query: Be better at forcing data types for query vars.
Several query vars only accept a scalar value and pass the value through functions that assume a scalar value. Adding extra guard conditions to the types of query vars doesn't affect their functionality but does remove PHP notices and warnings that can otherwise be generated when a non-scalar value such as an array is present in a query var. Props juliobox, xknown, SergeyBiryukov, dave1010, nacin, tellyworth, dd32, audrasjb, johnregan3 Fixes #17737 git-svn-id: https://develop.svn.wordpress.org/trunk@53891 602fd350-edb4-49c9-b593-d223f7449a82
parent
d1e22dbad8
commit
01c9ea7540
@ -792,29 +792,41 @@ class WP_Query {
|
||||
$qv['p'] = (int) $qv['p'];
|
||||
}
|
||||
|
||||
$qv['page_id'] = absint( $qv['page_id'] );
|
||||
$qv['year'] = absint( $qv['year'] );
|
||||
$qv['monthnum'] = absint( $qv['monthnum'] );
|
||||
$qv['day'] = absint( $qv['day'] );
|
||||
$qv['w'] = absint( $qv['w'] );
|
||||
$qv['page_id'] = is_scalar( $qv['page_id'] ) ? absint( $qv['page_id'] ) : 0;
|
||||
$qv['year'] = is_scalar( $qv['year'] ) ? absint( $qv['year'] ) : 0;
|
||||
$qv['monthnum'] = is_scalar( $qv['monthnum'] ) ? absint( $qv['monthnum'] ) : 0;
|
||||
$qv['day'] = is_scalar( $qv['day'] ) ? absint( $qv['day'] ) : 0;
|
||||
$qv['w'] = is_scalar( $qv['w'] ) ? absint( $qv['w'] ) : 0;
|
||||
$qv['m'] = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : '';
|
||||
$qv['paged'] = absint( $qv['paged'] );
|
||||
$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Comma-separated list of positive or negative integers.
|
||||
$qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // Comma-separated list of positive or negative integers.
|
||||
$qv['pagename'] = trim( $qv['pagename'] );
|
||||
$qv['name'] = trim( $qv['name'] );
|
||||
$qv['title'] = trim( $qv['title'] );
|
||||
if ( '' !== $qv['hour'] ) {
|
||||
$qv['paged'] = is_scalar( $qv['paged'] ) ? absint( $qv['paged'] ) : 0;
|
||||
$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Array or comma-separated list of positive or negative integers.
|
||||
$qv['author'] = is_scalar( $qv['author'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['author'] ) : ''; // Comma-separated list of positive or negative integers.
|
||||
$qv['pagename'] = is_scalar( $qv['pagename'] ) ? trim( $qv['pagename'] ) : '';
|
||||
$qv['name'] = is_scalar( $qv['name'] ) ? trim( $qv['name'] ) : '';
|
||||
$qv['title'] = is_scalar( $qv['title'] ) ? trim( $qv['title'] ) : '';
|
||||
|
||||
if ( is_scalar( $qv['hour'] ) && '' !== $qv['hour'] ) {
|
||||
$qv['hour'] = absint( $qv['hour'] );
|
||||
} else {
|
||||
$qv['hour'] = '';
|
||||
}
|
||||
if ( '' !== $qv['minute'] ) {
|
||||
|
||||
if ( is_scalar( $qv['minute'] ) && '' !== $qv['minute'] ) {
|
||||
$qv['minute'] = absint( $qv['minute'] );
|
||||
} else {
|
||||
$qv['minute'] = '';
|
||||
}
|
||||
if ( '' !== $qv['second'] ) {
|
||||
|
||||
if ( is_scalar( $qv['second'] ) && '' !== $qv['second'] ) {
|
||||
$qv['second'] = absint( $qv['second'] );
|
||||
} else {
|
||||
$qv['second'] = '';
|
||||
}
|
||||
if ( '' !== $qv['menu_order'] ) {
|
||||
|
||||
if ( is_scalar( $qv['menu_order'] ) && '' !== $qv['menu_order'] ) {
|
||||
$qv['menu_order'] = absint( $qv['menu_order'] );
|
||||
} else {
|
||||
$qv['menu_order'] = '';
|
||||
}
|
||||
|
||||
// Fairly large, potentially too large, upper bound for search string lengths.
|
||||
@ -823,14 +835,14 @@ class WP_Query {
|
||||
}
|
||||
|
||||
// Compat. Map subpost to attachment.
|
||||
if ( '' != $qv['subpost'] ) {
|
||||
if ( is_scalar( $qv['subpost'] ) && '' != $qv['subpost'] ) {
|
||||
$qv['attachment'] = $qv['subpost'];
|
||||
}
|
||||
if ( '' != $qv['subpost_id'] ) {
|
||||
if ( is_scalar( $qv['subpost_id'] ) && '' != $qv['subpost_id'] ) {
|
||||
$qv['attachment_id'] = $qv['subpost_id'];
|
||||
}
|
||||
|
||||
$qv['attachment_id'] = absint( $qv['attachment_id'] );
|
||||
$qv['attachment_id'] = is_scalar( $qv['attachment_id'] ) ? absint( $qv['attachment_id'] ) : 0;
|
||||
|
||||
if ( ( '' !== $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) {
|
||||
$this->is_single = true;
|
||||
|
||||
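Review bot: The `cat` line in the first hunk is the one sanitizer here that gets no type guard: only its trailing comment changes, so whatever `$qv['cat']` holds still goes straight into `preg_replace()`. With an array subject `preg_replace()` works element by element and returns an array, so an array whose elements are themselves arrays would, as far as I can tell, still trigger an array-to-string conversion, which is the kind of notice this commit sets out to remove. Dropping non-scalar elements first would close that gap, e.g. `if ( is_array( $qv['cat'] ) ) { $qv['cat'] = array_filter( $qv['cat'], 'is_scalar' ); }` ahead of the `preg_replace()` call. Separately, `is_scalar()` also admits booleans and floats, so a boolean `true` set by calling code becomes `1` through `absint()`; a short comment saying that this is intended would help the next reader. The enclosing method starts and ends outside both hunks.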
@ -104,4 +104,133 @@ class Tests_Query_ParseQuery extends WP_UnitTestCase {
|
||||
$this->assertSame( '404', $q->query_vars['error'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure an array of authors is rejected.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_author_array() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'author' => array( 1, 2, 3 ),
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEmpty( $q->query_vars['author'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure a non-scalar (non-numeric) author value is rejected.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_author_string() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'author' => 'admin',
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEmpty( $q->query_vars['author'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure nonscalar 'cat' array values are rejected.
|
||||
*
|
||||
* Note the returned 'cat' query_var value is a string.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_cat_array_mixed() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'cat' => array( 1, 'uncategorized', '-1' ),
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertSame( '1,-1', $q->query_vars['cat'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure a nonscalar menu_order value is rejected.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_menu_order_nonscalar() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'menu_order' => array( 1 ),
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEmpty( $q->query_vars['menu_order'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure numeric 'subpost' gets assigned to 'attachment'.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_subpost_scalar() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'subpost' => 1,
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertSame( 1, $q->query_vars['attachment'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure non-scalar 'subpost' does not get assigned to 'attachment'.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_subpost_nonscalar() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'subpost' => array( 1 ),
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEmpty( $q->query_vars['attachment'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure numeric 'attachment_id' value is assigned.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_attachment_id() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'attachment_id' => 1,
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertSame( 1, $q->query_vars['attachment_id'] );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure non-scalar 'attachment_id' value is rejected.
|
||||
*
|
||||
* @ticket 17737
|
||||
*/
|
||||
public function test_parse_query_attachment_id_nonscalar() {
|
||||
$q = new WP_Query();
|
||||
$q->parse_query(
|
||||
array(
|
||||
'attachment_id' => array( 1 ),
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEmpty( $q->query_vars['attachment_id'] );
|
||||
}
|
||||
}
|
||||
|
||||
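Review bot: The rejection tests (`test_parse_query_author_array`, `test_parse_query_menu_order_nonscalar`, `test_parse_query_subpost_nonscalar`, `test_parse_query_attachment_id_nonscalar`) rely on `assertEmpty()`, which also passes for `array()`, `null` or `'0'`, so they would not catch a regression that leaves an empty array in the query var. Pinning the exact fallback would be tighter, e.g. `$this->assertSame( '', $q->query_vars['author'] );` and `$this->assertSame( 0, $q->query_vars['attachment_id'] );`, assuming nothing later in `parse_query()` rewrites those values. The docblock on `test_parse_query_author_string` calls `'admin'` a non-scalar value, but it is a scalar string that the digit filter empties; `Ensure a non-numeric author string is reduced to an empty value.` would describe the case. None of the other newly guarded vars (`page_id`, `year`, `m`, `paged`, `pagename`, `hour` and so on) has a non-scalar case in this file section.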