diff --git a/src/wp-includes/class-wp-query.php b/src/wp-includes/class-wp-query.php
index cc1bff5320..3762802a72 100644
--- a/src/wp-includes/class-wp-query.php
+++ b/src/wp-includes/class-wp-query.php
@@ -792,29 +792,41 @@ class WP_Query {
 $qv['p'] = (int) $qv['p'];
 }
- $qv['page_id'] = absint( $qv['page_id'] );
- $qv['year'] = absint( $qv['year'] );
- $qv['monthnum'] = absint( $qv['monthnum'] );
- $qv['day'] = absint( $qv['day'] );
- $qv['w'] = absint( $qv['w'] );
+ $qv['page_id'] = is_scalar( $qv['page_id'] ) ? absint( $qv['page_id'] ) : 0;
+ $qv['year'] = is_scalar( $qv['year'] ) ? absint( $qv['year'] ) : 0;
+ $qv['monthnum'] = is_scalar( $qv['monthnum'] ) ? absint( $qv['monthnum'] ) : 0;
+ $qv['day'] = is_scalar( $qv['day'] ) ? absint( $qv['day'] ) : 0;
+ $qv['w'] = is_scalar( $qv['w'] ) ? absint( $qv['w'] ) : 0;
 $qv['m'] = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : '';
- $qv['paged'] = absint( $qv['paged'] );
- $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Comma-separated list of positive or negative integers.
- $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // Comma-separated list of positive or negative integers.
- $qv['pagename'] = trim( $qv['pagename'] );
- $qv['name'] = trim( $qv['name'] );
- $qv['title'] = trim( $qv['title'] );
- if ( '' !== $qv['hour'] ) {
+ $qv['paged'] = is_scalar( $qv['paged'] ) ? absint( $qv['paged'] ) : 0;
+ $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // Array or comma-separated list of positive or negative integers.
+ $qv['author'] = is_scalar( $qv['author'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['author'] ) : ''; // Comma-separated list of positive or negative integers.
+ $qv['pagename'] = is_scalar( $qv['pagename'] ) ? trim( $qv['pagename'] ) : '';
+ $qv['name'] = is_scalar( $qv['name'] ) ? trim( $qv['name'] ) : '';
+ $qv['title'] = is_scalar( $qv['title'] ) ? 
trim( $qv['title'] ) : '';
+
+ if ( is_scalar( $qv['hour'] ) && '' !== $qv['hour'] ) {
 $qv['hour'] = absint( $qv['hour'] );
+ } else {
+ $qv['hour'] = '';
 }
- if ( '' !== $qv['minute'] ) {
+
+ if ( is_scalar( $qv['minute'] ) && '' !== $qv['minute'] ) {
 $qv['minute'] = absint( $qv['minute'] );
+ } else {
+ $qv['minute'] = '';
 }
- if ( '' !== $qv['second'] ) {
+
+ if ( is_scalar( $qv['second'] ) && '' !== $qv['second'] ) {
 $qv['second'] = absint( $qv['second'] );
+ } else {
+ $qv['second'] = '';
 }
- if ( '' !== $qv['menu_order'] ) {
+
+ if ( is_scalar( $qv['menu_order'] ) && '' !== $qv['menu_order'] ) {
 $qv['menu_order'] = absint( $qv['menu_order'] );
+ } else {
+ $qv['menu_order'] = '';
 }
 // Fairly large, potentially too large, upper bound for search string lengths.
@@ -823,14 +835,14 @@ class WP_Query {
 }
 // Compat. Map subpost to attachment.
- if ( '' != $qv['subpost'] ) {
+ if ( is_scalar( $qv['subpost'] ) && '' != $qv['subpost'] ) {
 $qv['attachment'] = $qv['subpost'];
 }
- if ( '' != $qv['subpost_id'] ) {
+ if ( is_scalar( $qv['subpost_id'] ) && '' != $qv['subpost_id'] ) {
 $qv['attachment_id'] = $qv['subpost_id'];
 }
- $qv['attachment_id'] = absint( $qv['attachment_id'] );
+ $qv['attachment_id'] = is_scalar( $qv['attachment_id'] ) ? absint( $qv['attachment_id'] ) : 0;
 if ( ( '' !== $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) {
 $this->is_single = true;
diff --git a/tests/phpunit/tests/query/parseQuery.php b/tests/phpunit/tests/query/parseQuery.php
index 5b3625ed0f..bbf3f1217f 100644
--- a/tests/phpunit/tests/query/parseQuery.php
+++ b/tests/phpunit/tests/query/parseQuery.php
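Review bot: `$qv['cat']` is the one key in this hunk that is still handed to `preg_replace()` without an `is_scalar()` guard, so a value that is neither an array nor a scalar (an object, for instance) is passed straight through as the subject instead of being neutralized to `''`/`0` like the neighbouring keys. The updated comment and the new `test_parse_query_cat_array_mixed` test indicate arrays are meant to be accepted and, presumably, joined into a string somewhere outside this hunk, so the guard should admit both shapes: `$qv['cat'] = is_array( $qv['cat'] ) || is_scalar( $qv['cat'] ) ? preg_replace( '|[^0-9,-]|', '', $qv['cat'] ) : '';`. The enclosing method starts before this hunk and continues past it.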
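Review bot: The two `subpost` compat checks keep the loose `'' != ...` comparison while every other guard introduced by this change uses `'' !==`; now that `is_scalar()` precedes the comparison nothing non-scalar reaches it, so the strict form reads consistently: `if ( is_scalar( $qv['subpost'] ) && '' !== $qv['subpost'] ) {` and likewise for `subpost_id`. One caveat: `false` compares loosely equal to `''` and is skipped today, whereas the strict form would copy it into `attachment` / `attachment_id` (the latter then becomes `0` via `absint()`); if that edge case is relied on, keep `!=` and say so, e.g. `// Loose comparison intended: false and '' are both treated as unset.`. This hunk sits inside the same method, whose start and end are outside the hunk.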
@@ -104,4 +104,133 @@ class Tests_Query_ParseQuery extends WP_UnitTestCase {
 $this->assertSame( '404', $q->query_vars['error'] );
 }
+ /**
+ * Ensure an array of authors is rejected.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_author_array() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'author' => array( 1, 2, 3 ),
+ )
+ );
+
+ $this->assertEmpty( $q->query_vars['author'] );
+ }
+
+ /**
+ * Ensure a non-scalar (non-numeric) author value is rejected.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_author_string() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'author' => 'admin',
+ )
+ );
+
+ $this->assertEmpty( $q->query_vars['author'] );
+ }
+
+ /**
+ * Ensure nonscalar 'cat' array values are rejected.
+ *
+ * Note the returned 'cat' query_var value is a string.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_cat_array_mixed() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'cat' => array( 1, 'uncategorized', '-1' ),
+ )
+ );
+
+ $this->assertSame( '1,-1', $q->query_vars['cat'] );
+ }
+
+ /**
+ * Ensure a nonscalar menu_order value is rejected.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_menu_order_nonscalar() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'menu_order' => array( 1 ),
+ )
+ );
+
+ $this->assertEmpty( $q->query_vars['menu_order'] );
+ }
+
+ /**
+ * Ensure numeric 'subpost' gets assigned to 'attachment'.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_subpost_scalar() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'subpost' => 1,
+ )
+ );
+
+ $this->assertSame( 1, $q->query_vars['attachment'] );
+ }
+
+ /**
+ * Ensure non-scalar 'subpost' does not get assigned to 'attachment'.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_subpost_nonscalar() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'subpost' => array( 1 ),
+ )
+ );
+
+ $this->assertEmpty( $q->query_vars['attachment'] );
+ }
+
+ /**
+ * Ensure numeric 'attachment_id' value is assigned.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_attachment_id() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'attachment_id' => 1,
+ )
+ );
+
+ $this->assertSame( 1, $q->query_vars['attachment_id'] );
+ }
+
+ /**
+ * Ensure non-scalar 'attachment_id' value is rejected.
+ *
+ * @ticket 17737
+ */
+ public function test_parse_query_attachment_id_nonscalar() {
+ $q = new WP_Query();
+ $q->parse_query(
+ array(
+ 'attachment_id' => array( 1 ),
+ )
+ );
+
+ $this->assertEmpty( $q->query_vars['attachment_id'] );
+ }
 }
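Review bot: The docblock on `test_parse_query_author_string` says a non-scalar value is rejected, but `'admin'` is a scalar string; it is dropped by the pre-existing `preg_replace()` digit filter rather than by the new `is_scalar()` guard, so the wording should be `* Ensure a non-numeric author string is rejected.`. The new tests cover `author`, `cat`, `menu_order`, `subpost` and `attachment_id`, while the guards added in the same change for `page_id`, `year`, `monthnum`, `day`, `w`, `paged`, `pagename`, `name`, `title`, `hour`, `minute`, `second` and `subpost_id` have no test pinning their new `0`/`''` fallbacks; a single data-provider test passing `array( 1 )` for each of those keys would close that gap. `test_parse_query_cat_array_mixed` also asserts a joined `'1,-1'` string, which depends on array handling not visible in this diff, so it is worth confirming that path exists on the new side. The enclosing test class starts before this hunk.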